Improving Tenants' Trust in SaaS Applications Using Dynamic Security Monitors

Authors: Mohamed Almorsy Abdelrazek, John Grundy, Amani S. Ibrahim

DOI: 10.1109/ICECCS.2015.18

Abstract: It is almost impossible to prove that a given software system achieves an absolute security level. This becomes more complicated when addressing multi-tenant cloud-based SaaS applications. Developing practical properties and metrics to monitor, verify, and assess the behavior of such systems is a feasible alternative to this problem. However, existing efforts focus either on verifying properties or on metrics, but not both. Moreover, they are hard to adopt, in terms of usability, and require design-time preparation to support monitoring which for In this paper, we introduce, to the best of our knowledge, the first unified platform that enables application tenants to specify, at run-time, properties and metrics without design-time preparation, and hence increases tenants' trust in their cloud-assets security. The platform automatically converts specifications into probes and integrates them with the target application at run-time. Probes-generated measurements are fed to an analysis component that verifies the specified properties and calculates metrics' values using aggregation functions. These are then reported to cloud engineers. We evaluated the platform's expressiveness, soundness, and performance overhead.
