Towards Model-Based Security Assessment of Cloud Applications

Authors: Valentina Casola, Alessandra De Benedictis, Roberto Nardone

DOI: 10.1007/978-3-319-57186-7_56

Abstract: Security issues are still posing limitations to the full exploitation of the potential of the cloud computing paradigm, and developers are more and more required to take security into account from the very beginning of the development process. Unfortunately, the application of classical best practices may be not enough due to the involvement of services provided by third-parties and out of the control of the developer. In this paper, to overcome this issue, we introduce and discuss a model-based process for the security assessment of cloud applications. In particular, we suggest a complete process that can be executed within the development lifecycle of an application, from requirement elicitation up to the validation (both static and dynamic, through the generation and execution of suitable test cases) of the final deployment against the security requirements. In this work, we sketch the main phases of the process and illustrate the high-level modelling languages that have been defined to describe an application at different levels of abstraction and to formalize both the security requirements of applications and the security features offered by existing cloud services. A running example involving a simple yet realistic application is used throughout the paper to better illustrate the proposal and to demonstrate its feasibility and effectiveness.

References (13)
Jan Jürjens, UMLsec: Extending UML for Secure Systems Development. Lecture Notes in Computer Science, pp. 412-425 (2002). DOI: 10.1007/3-540-45800-X_32
Ricardo J. Rodríguez, José Merseguer, Simona Bernardi, Modelling Security of Critical Infrastructures: A Survivability Assessment. The Computer Journal, vol. 58, pp. 2313-2327 (2015). DOI: 10.1093/COMJNL/BXU096
Nicolas Ferry, Hui Song, Alessandro Rossini, Franck Chauvel, Arnor Solberg, CloudMF: Applying MDE to Tame the Complexity of Managing Multi-cloud Applications. IEEE/ACM International Conference on Utility and Cloud Computing, pp. 269-277 (2014). DOI: 10.1109/UCC.2014.36
Yu Liu, Hong Man, Network vulnerability assessment using Bayesian networks. Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security Conference, vol. 5812, pp. 61-71 (2005). DOI: 10.1117/12.604240
Paul Ammann, Duminda Wijesekera, Saket Kaushik, Scalable, graph-based network vulnerability analysis. Proceedings of the 9th ACM Conference on Computer and Communications Security - CCS '02, pp. 217-224 (2002). DOI: 10.1145/586110.586140
Shahriar Bijani, David Robertson, A review of attacks and security approaches in open multi-agent systems. Artificial Intelligence Review, vol. 42, pp. 607-636 (2014). DOI: 10.1007/S10462-012-9343-1
Igor Kotenko, Mikhail Stepashkin, Attack graph based evaluation of network security. International Conference on Communications, pp. 216-227 (2006). DOI: 10.1007/11909033_20
D.M. Nicol, W.H. Sanders, K.S. Trivedi, Model-based evaluation: from dependability to security. IEEE Transactions on Dependable and Secure Computing, vol. 1, pp. 48-65 (2004). DOI: 10.1109/TDSC.2004.11