Adaptable, model-driven security engineering for SaaS cloud-based applications

Almorsy, Mohamed, Grundy, John and Ibrahim, Amani S. 2014, Adaptable, model-driven security engineering for SaaS cloud-based applications, Automated software engineering, vol. 21, no. 2, pp. 187-224, doi: 10.1007/s10515-013-0133-z.

Title Adaptable, model-driven security engineering for SaaS cloud-based applications
Author(s) Almorsy, Mohamed
Grundy, John
Ibrahim, Amani S.
Journal name Automated software engineering
Volume number 21
Issue number 2
Start page 187
End page 224
Total pages 38
Publisher Springer
Place of publication Berlin, Germany
Publication date 2014-04
ISSN 0928-8910
Keyword(s) Science & Technology
Computer Science, Software Engineering
Computer Science
Model-driven engineering
Security engineering
Tenant-oriented security
Summary Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers to save cost, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing of resources and service instances among multiple "tenants" of the cloud-hosted application. However, supporting multi-tenancy adds more complexity to SaaS applications' required capabilities. Security is one of these key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants - i.e. multi-tenancy - increases tenants' concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model where tenants and their security requirements often emerge after the applications and services were first developed. The resultant applications do not usually support diverse security capabilities based on different tenants' needs, some of which may change at run-time, i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both application/service and security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants' security requirements. We use abstract models to capture service provider and multiple tenants' security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.
Language eng
DOI 10.1007/s10515-013-0133-z
Field of Research 080309 Software Engineering
Socio Economic Objective 890202 Application Tools and System Utilities
HERDC Research category C1.1 Refereed article in a scholarly journal
ERA Research output type C Journal article
Copyright notice ©2014, Springer
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Citation counts: TR Web of Science Citation Count  Cited 30 times in TR Web of Science
Scopus Citation Count Cited 34 times in Scopus
Access Statistics: 564 Abstract Views, 3 File Downloads
Created: Thu, 25 Feb 2016, 11:42:08 EST
