Automated Software Engineering, Volume 21, Issue 2, pp 187–224

Adaptable, model-driven security engineering for SaaS cloud-based applications

  • Mohamed Almorsy
  • John Grundy
  • Amani S. Ibrahim


Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers to save costs, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing resources and service instances among multiple “tenants” of the cloud-hosted application. However, supporting multi-tenancy adds complexity to the capabilities required of SaaS applications. Security is one of the key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants, i.e. multi-tenancy, increases tenants’ concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model, where tenants and their security requirements often emerge after the applications and services were first developed. The resultant applications do not usually support diverse security capabilities based on different tenants’ needs, some of which may change at runtime, i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both the application/service and its security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants’ security requirements. We use abstract models to capture the service provider’s and multiple tenants’ security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.


Keywords: Software-as-a-service, Model-driven engineering, Adaptive-security, Security engineering, Tenant-oriented security



Funding provided for this research by Swinburne University of Technology and FRST SPPI project is gratefully acknowledged. We also thank Swinburne University of Technology for their scholarship support for the first and third authors.



Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Mohamed Almorsy (1)
  • John Grundy (1)
  • Amani S. Ibrahim (1)

  1. Centre for Computing & Engineering Software Systems, Swinburne University of Technology, Melbourne, Australia
