Adaptable, model-driven security engineering for SaaS cloud-based applications

Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers save cost, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing resources and service instances among multiple “tenants” of the cloud-hosted application. However, supporting multi-tenancy adds complexity to the capabilities SaaS applications are required to provide. Security is one of the key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants (i.e. multi-tenancy) increases tenants’ concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model, where tenants and their security requirements often emerge after the applications and services were first developed. The resulting applications do not usually support diverse security capabilities based on different tenants’ needs, some of which may change at runtime, i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both the application/service and its security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants’ security requirements. We use abstract models to capture the service provider’s and multiple tenants’ security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.
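The idea in the abstract can be sketched in a few lines, as an added illustration that is not the paper's implementation: one application instance is shared, security controls live in a runtime model keyed by tenant, and an interceptor woven around a critical method enforces whatever the model currently says. Python function wrapping stands in for AOP weaving, and every name here (`MODEL`, `weave`, `set_controls`, `call_as`, `InvoiceService`, the `"*"` provider baseline) is hypothetical.

```python
import functools
from contextvars import ContextVar

request = ContextVar("request")  # per-request {"tenant","user","roles"}; assumed set by the hosting layer
MODEL = {}                       # runtime security model: tenant -> entity -> [controls]; "*" = provider baseline

class Denied(Exception): pass

def require_role(role):          # an authorization control, defined outside the application code
    def control(req, entity):
        if role not in req["roles"]:
            raise Denied(f"{req['tenant']}/{req['user']}: {role!r} required for {entity}")
    return control

def audit(sink):                 # an auditing control that records each call it sees
    def control(req, entity):
        sink.append((req["tenant"], req["user"], entity))
    return control

def set_controls(tenant, entity, controls):  # model update at runtime; applies from the next call
    MODEL.setdefault(tenant, {})[entity] = list(controls)

def weave(cls, method, entity):  # wrap cls.method with an interceptor that consults the model per call
    original = getattr(cls, method)
    @functools.wraps(original)
    def interceptor(*args, **kwargs):
        req = request.get(None)
        if req is None:
            raise Denied(f"no request context for {entity}")  # fail closed
        for tenant in ("*", req["tenant"]):                   # provider baseline first, then tenant set
            for control in MODEL.get(tenant, {}).get(entity, []):
                control(req, entity)
        return original(*args, **kwargs)
    setattr(cls, method, interceptor)

class InvoiceService:            # application code with no security logic of its own
    def export(self, invoice_id):
        return f"invoice-{invoice_id}.pdf"

def call_as(tenant, user, roles, fn, *args):  # run fn under a request context; result or "DENIED"
    token = request.set({"tenant": tenant, "user": user, "roles": set(roles)})
    try:
        return fn(*args)
    except Denied:
        return "DENIED"
    finally:
        request.reset(token)

weave(InvoiceService, "export", "InvoiceService.export")
```

Because the interceptor reads the model on every call, giving one tenant a role check and another only auditing, or tightening a tenant's set while the service is running, needs no change to `InvoiceService`.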
