Abstract
Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers save cost, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing resources and service instances among multiple “tenants” of the cloud-hosted application. However, supporting multi-tenancy adds complexity to the capabilities required of SaaS applications. Security is one of the key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants—i.e. multi-tenancy—increases tenants’ concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model, where tenants and their security requirements often emerge after the applications and services were first developed. The resulting applications do not usually support diverse security capabilities based on different tenants’ needs, some of which may change at runtime, i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both the application/service and its security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants’ security requirements. We use abstract models to capture the service provider’s and multiple tenants’ security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.
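A minimal sketch of the idea described in the abstract, added here and not taken from the paper or its implementation: security controls live outside the application, a per-tenant model maps them to a critical method, and an interceptor woven in at runtime enforces whichever set applies to the calling tenant. All names (`InvoiceService`, `security_model`, `weave`, the tenant ids) are hypothetical, and Python method wrapping stands in for an AOP weaver.

```python
from contextvars import ContextVar

current_tenant = ContextVar("current_tenant")  # assumed to be set per request by the platform
class AccessDenied(Exception): pass

# Application code: carries no security logic of its own.
class InvoiceService:
    def get_invoice(self, user, invoice_id):
        return {"id": invoice_id, "owner": user["name"]}

# Security controls, maintained outside the application.
def require_authenticated(user, audit):
    if not user.get("authenticated"):
        raise AccessDenied("authentication required")

def require_role(role):
    def check(user, audit):
        if role not in user.get("roles", ()):
            raise AccessDenied(f"role {role!r} required")
    return check

def audit_call(user, audit):
    audit.append(user["name"])

# Per-tenant security model (constructed sample): entity -> ordered controls.
security_model = {
    "tenant_a": {"InvoiceService.get_invoice": [require_authenticated]},
    "tenant_b": {"InvoiceService.get_invoice":
                 [require_authenticated, require_role("finance"), audit_call]},
}

def weave(cls, method_name, model, audit):
    """Wrap cls.method_name so the tenant's controls are looked up on every call."""
    original = getattr(cls, method_name)
    entity = f"{cls.__name__}.{method_name}"
    def interceptor(self, user, *args, **kwargs):
        tenant = current_tenant.get(None)
        if tenant not in model:  # unknown or missing tenant: fail closed
            raise AccessDenied("no security model for tenant")
        for control in model[tenant].get(entity, []):
            control(user, audit)
        return original(self, user, *args, **kwargs)
    setattr(cls, method_name, interceptor)

AUDIT = []
weave(InvoiceService, "get_invoice", security_model, AUDIT)

def call_as(tenant, user, invoice_id):
    current_tenant.set(tenant)  # a real platform would set this per request
    return InvoiceService().get_invoice(user, invoice_id)
```

Editing `security_model` while the service is running changes what is enforced on the next call, with no change to `InvoiceService`.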


















Acknowledgements
Funding provided for this research by Swinburne University of Technology and FRST SPPI project is gratefully acknowledged. We also thank Swinburne University of Technology for their scholarship support for the first and third authors.
Cite this article
Almorsy, M., Grundy, J. & Ibrahim, A.S. Adaptable, model-driven security engineering for SaaS cloud-based applications. Autom Softw Eng 21, 187–224 (2014). https://doi.org/10.1007/s10515-013-0133-z
DOI: https://doi.org/10.1007/s10515-013-0133-z