DOI: 10.1145/2578128.2578229

A security reference architecture for cloud systems

Published: 07 April 2014

Abstract

Security is a fundamental concern in clouds and several cloud vendors provide Security Reference Architectures (SRAs) to describe the security level of their services. A SRA is an abstract architecture without implementation details showing a conceptual model of security for a cloud system. In general, Reference Architectures (RAs) are becoming useful tools to understand and build complex systems. We propose here a Security Reference Architecture (SRA), defined using UML models and patterns, incorporating a specific approach to build secure systems. We present a metamodel and possible patterns to conceptualize the approach. We also describe some uses for this SRA, including its value for Service Level Agreements (SLAs), service certification, monitoring, and security evaluation. We show this latter use in some detail.


Published In

WICSA '14 Companion: Proceedings of the WICSA 2014 Companion Volume
April 2014
103 pages
ISBN:9781450325233
DOI:10.1145/2578128
  • General Chair: Anna Liu
  • Program Chairs: John Klein, Antony Tang
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

  • IEEE
  • NICTA: National Information and Communications Technology Australia

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. cloud computing
  2. reference architecture
  3. secure software development
  4. security patterns
  5. security reference architecture

Qualifiers

  • Research-article

Conference

WICSA '14
Sponsor:
  • NICTA

Article Metrics

  • Downloads (Last 12 months): 19
  • Downloads (Last 6 weeks): 3
Reflects downloads up to 15 Sep 2024

Cited By

  • (2023) Analysis of cloud services using OWASP security design. 2023 International Conference on Research Methodologies in Knowledge Management, Artificial Intelligence and Telecommunication Engineering (RMKMATE), pp. 1-5. DOI: 10.1109/RMKMATE59243.2023.10369976. Online publication date: 1-Nov-2023
  • (2021) Systematic Literature Review of Security Pattern Research. Information 12:1 (36). DOI: 10.3390/info12010036. Online publication date: 16-Jan-2021
  • (2019) Security Pattern for Cloud SaaS: From System and Data Security to Privacy Case Study in AWS and Azure. Computers 8:2 (34). DOI: 10.3390/computers8020034. Online publication date: 3-May-2019
  • (2019) Authorization Model Definition for an Adaptable Workflow within Cloud Environment. Proceedings of the 2019 3rd International Conference on Cloud and Big Data Computing, pp. 49-53. DOI: 10.1145/3358505.3358526. Online publication date: 28-Aug-2019
  • (2016) Modeling and Security in Cloud Ecosystems. Future Internet 8:4 (13). DOI: 10.3390/fi8020013. Online publication date: 20-Apr-2016
