Requirements Engineering

, Volume 21, Issue 2, pp 225–249 | Cite as

Building a security reference architecture for cloud systems

  • Eduardo B. FernandezEmail author
  • Raul Monge
  • Keiko Hashizume
Original Article


Reference architectures (RAs) are useful tools to understand and build complex systems, and many cloud providers and software product vendors have developed versions of them. RAs describe at an abstract level (no implementation details) the main features of their cloud systems. Security is a fundamental concern in clouds and several cloud vendors provide security reference architectures (SRAs) to describe the security features of their services. A SRA is an abstract architecture describing a conceptual model of security for a cloud system and provides a way to specify security requirements for a wide range of concrete architectures. We propose here a method to build a SRA for clouds defined using UML models and patterns, which goes beyond existing models in providing a global view and a more precise description. We present a metamodel as well as security and misuse patterns for this purpose. We validate our approach by showing that it can describe more precisely existing models and that it has a variety of uses. We describe in detail one of these uses, a way of evaluating the security level of a SRA.


Security reference architecture Security patterns  Reference architecture Security requirements Secure software development Cloud computing IaaS security 



We thank the reviewers for their careful evaluation and their suggestions that significantly improved the paper. The work of Eduardo Fernandez was supported by the Chilean agency CONICYT, under research contract 80120008.


  1. 1.
    Clarke R (2013) Data risks in the cloud. J Theor Appl Electron Commer Res 8(3):59–73. doi: 10.4067/S0718-18762013000300005, ISSN 0718-1876CrossRefGoogle Scholar
  2. 2.
    Hashizume K, Rosado DG, Fernández-Medina E, Fernández EB (2013) An analysis of security issues for cloud computing. J Internet Serv Appl 4(1). doi: 10.1186/1869-0238-4-5
  3. 3.
    Avgeriou P (2003) Describing, instantiating and evaluating a reference architecture: a case study. Enterp Archit JGoogle Scholar
  4. 4.
    Taylor RN, Medvidovic N, Dashofy EM (2009) Software architecture: foundations, theory, and practice. Wiley, London.   ISBN 0470167742, 9780470167748Google Scholar
  5. 5.
    HP (2011) Understanding the HP CloudSystem Reference Architecture. White paper, Hewlett-Packard Development CompanyGoogle Scholar
  6. 6.
    IBM (2012) IBM SmartCloud. White paper, IBM CorporationGoogle Scholar
  7. 7.
    Microsoft Global Foundation Services (2009) Securing Microsoft’s cloud infrastructure. Technical report, MicrosoftGoogle Scholar
  8. 8.
    NIST Cloud Computing Security Working Group (2013) NIST cloud computing security reference architecture. Working document, NISTGoogle Scholar
  9. 9.
    Campbell RH, Montanari M, Farivar R (2012) A middleware for assured clouds. J Internet Serv Appl 3(1):87–94. doi: 10.1007/s13174-011-0044-9 CrossRefGoogle Scholar
  10. 10.
    Hafner M, Memon M, Breu R (2009) SeAAS—a reference architecture for security services in SOA. J UCS 15(15):2916–2936Google Scholar
  11. 11.
    Hashizume K, Fernandez EB, Larrondo-Petrie MM (2012) Cloud service model patterns. In: 19th international conference on pattern languages of programs (PLoP2012), Tucson, AZGoogle Scholar
  12. 12.
    Hashizume K, Fernandez EB, Larrondo-Petrie M (2012) Cloud infrastructure pattern. In: First international symposium on software architecture and patterns. LACCEI, Panama City, Panama, pp 23–27Google Scholar
  13. 13.
    Fernandez EB (2013) Security patterns in practice: designing secure architectures using software patterns, 1st edn. Wiley, London.   ISBN 1119998948Google Scholar
  14. 14.
    Hashizume K, Yoshioka N, Fernandez EB (2013) Three misuse patterns for cloud computing. In: Rosado DG, Mellado D, Fernandez-Medina E, Piattini MG (eds) Security engineering for cloud computing: approaches and tools. IGI Global,  Hershey, pp 36–53. doi: 10.4018/978-1-4666-2125-1.ch003 CrossRefGoogle Scholar
  15. 15.
    Angelov S, Grefen P, Greefhorst D (2012) A framework for analysis and design of software reference architectures. Inf Softw Technol 54(4):417–431. doi: 10.1016/j.infsof.2011.11.009, ISSN 0950-5849
  16. 16.
    CSA (2011) Quick guide to the reference architecture TCI (trusted cloud initiative). Technical report, Cloud Security AllianceGoogle Scholar
  17. 17.
    Warmer J, Kleppe A (2003) The object constraint language: getting your models ready for MDA, 2nd edn. Addison-Wesley Longman, Boston. ISBN 0321179366Google Scholar
  18. 18.
    Garavel H, Graf S (2013) Formal methods for safe and secure computer systems. Technical report. BSI Study 875, Federal Office for Information Security, BonnGoogle Scholar
  19. 19.
    Brown A, Apple B, Michael JB, Schumann MA (2012) Atomic-level security for web applications in a cloud environment. IEEE Comput 45(12):80–83. doi: 10.1109/MC.2012.400 CrossRefGoogle Scholar
  20. 20.
    Fernández EB, Washizaki H, Yoshioka N, VanHilst M (2011) An approach to model-based development of secure and reliable systems. In: Sixth international conference on availability, reliability and security, ARES, pp 260–265, Vienna. doi: 10.1109/ARES.2011.45
  21. 21.
    Delessy N, Fernandez EB, Larrondo-Petrie MM (2007) A pattern language for identity management. In: Proceedings of the international multi-conference on computing in the global information technology, ICCGI ’07, p 31, IEEE Computer Society, Washington, DC. doi: 10.1109/ICCGI.2007.5, ISBN 0-7695-2798-1
  22. 22.
    Braz FA, Fernández EB, VanHilst M (2008) Eliciting security requirements through misuse activities. In: 19th international workshop on database and expert systems applications (DEXA 2008), 1–5 Sept 2008, Turin, pp 328–333. doi: 10.1109/DEXA.2008.101
  23. 23.
    Fernandez EB, Yoshioka N, Washizaki H, Yoder J (2014) Abstract security patterns for requirements specification and analysis of secure systems. In: WER 2014 conference, a track of the 17th Ibero-American conference on software engineering (CIbSE 2014), Pucon, ChileGoogle Scholar
  24. 24.
    Fernandez E, Yuan X (2000) Semantic analysis patterns. In: Laender A, Liddle S, Storey V (eds) Conceptual modeling—ER 2000, vol 1920 of lecture notes in computer science. Springer, Berlin, pp 183–195. doi: 10.1007/3-540-45393-8_14, ISBN 978-3-540-41072-0
  25. 25.
    Fernandez E, Pelaez J, Larrondo-Petrie M (2007) Attack patterns: a new forensic and design tool. In: Craiger P, Shenoi S (eds) Advances in digital forensics III, vol 242 of IFIP—The International Federation for Information Processing. Springer, New York, pp 345–357. doi: 10.1007/978-0-387-73742-3_24, ISBN 978-0-387-73741-6
  26. 26.
    Fernández EB, Yoshioka N, Washizaki H (2009) Modeling misuse patterns. In: Proceedings of the fourth international conference on availability, reliability and security, ARES 2009, 16–19 March, 2009, Fukuoka, pp 566–571. doi: 10.1109/ARES.2009.139
  27. 27.
    Fowler M (2002) Patterns of enterprise application architecture. Addison-Wesley Longman, Boston. ISBN 0321127420Google Scholar
  28. 28.
    Liu F, Tong J, Mao J, Bohn R, Messina J, Badger L, Leaf D (2011) Cloud computing reference architecture. Special publication 500-292, NISTGoogle Scholar
  29. 29.
    Stricker V, Lauenroth K, Corte P, Gittler F, Panfilis SD, Pohl K (2010) Creating a reference architecture for service-based systems—a pattern-based approach. In: Towards the future internet—emerging trends from European research, pp 149–160. doi: 10.3233/978-1-60750-539-6-149
  30. 30.
    Muller G, van de Laar P (2009) Researching reference architectures and their relationships with frameworks, methods, techniques, and tools. In: Kalawsky R, O’Brien J, Goonetilleke T, Grocott C (eds) 7th annual conference on systems engineering research (CSER 2009). Research School of Systems Engineering, Loughborough University, LoughboroughGoogle Scholar
  31. 31.
    Uzunov AV, Fernandez EB, Falkner K (2012) Securing distributed systems using patterns: a survey. Comput Secur 31(5):681–703. doi: 10.1016/j.cose.2012.04.005, ISSN 0167-4048
  32. 32.
    Object Management Group (2014) Unified Modeling Language™ (UML®) Tech. rep., Object Management Group IncGoogle Scholar
  33. 33.
    Medvidovic N, Taylor R (2000) A classification and comparison framework for software architecture description languages. IEEE Trans Softw Eng 26(1):70–93. doi: 10.1109/32.825767, ISSN 0098-5589
  34. 34.
    OWASP (2013) OWASP Top 10—2013: the ten most critical web application security risks. Technical report, The OWASP FoundationGoogle Scholar
  35. 35.
    Chonka A, Xiang Y, Zhou W, Bonti A (2011) Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks. J Netw Comput Appl 34(4):1097–1107. doi: 10.1016/j.jnca.2010.06.004, ISSN 1084-8045
  36. 36.
    Fernandes D, Soares L, Gomes J, Freire M, Inácio P (2014) Security issues in cloud environments: a survey. IntJ Inf Secur 13(2):113–170. doi: 10.1007/s10207-013-0208-7, ISSN 1615-5262
  37. 37.
    Ryan MD (2013) Cloud computing security: the scientific challenge, and a survey of solutions. J Syst Softw 86(9):2263–2268. doi: 10.1016/j.jss.2012.12.025, ISSN 0164-1212
  38. 38.
    Kalloniatis C, Mouratidis H, Vassilis M, Islam S, Gritzalis S, Kavakli E (2014) Towards the design of secure and privacy-oriented information systems in the cloud: identifying the major concepts. Comput Stand Interfaces 36(4):75–759. doi: 10.1016/j.csi.2013.12.010, ISSN 0920-5489
  39. 39.
    Tsugawa M, Matsunaga A, Fortes JA (2014) Cloud computing security: what changes with software-defined networking? In: Jajodia S, Kant K, Samarati P, Singhal A, Swarup V, Wang C (eds) Secure cloud computing. Springer, New York, pp 77–93. doi: 10.1007/978-1-4614-9278-8_4, ISBN 978-1-4614-9277-1
  40. 40.
    Prolexic (2012) DDoS Denial of service protection and the cloud. White paper Prolexic Technologies IncGoogle Scholar
  41. 41.
    Modi C, Patel D, Borisaniya B, Patel H, Patel A, Rajarajan M (2013) A survey of intrusion detection techniques in Cloud. J Netw Comput Appl 36(1):42–57. doi: 10.1016/j.jnca.2012.05.003, ISSN 1084-8045
  42. 42.
    Juels A, Oprea A (2013) New approaches to security and availability for cloud data. Commun ACM 56(2):64–73. doi: 10.1145/2408776.2408793, ISSN 0001-0782
  43. 43.
    EMA (2010) Securing the administration of virtualization. Market research report, Enterprise Management AssociatesGoogle Scholar
  44. 44.
    Moscato F, Aversa R, Di Martino B, Fortis T, Munteanu V (2011) An analysis of mOSAIC ontology for Cloud resources annotation. In: 2011 federated conference on computer science and information systems (FedCSIS), pp 973–980Google Scholar
  45. 45.
    Zhang M, Ranjan r, Haller A, Georgakopoulos D, Menzel M, Nepal S (2012) An ontology-based system for cloud infrastructure services’ discovery. In: 2012 8th international conference on collaborative computing: networking, applications and worksharing (CollaborateCom), pp 524–530Google Scholar
  46. 46.
    Lombardi F, Pietro RD (2011) Secure virtualization for cloud computing. J Netw Comput Appl 34(4):1113–1122. doi: 10.1016/j.jnca.2010.06.008, ISSN 1084-8045
  47. 47.
    Malik S, Khan S, Srinivasan S (2013) Modeling and analysis of state-of-the-art VM-based cloud management platforms. IEEE Trans Cloud Comput 1(1):1–1. doi: 10.1109/TCC.2013.3, ISSN 2168-7161
  48. 48.
    Kalantari A, Esmaeli A, Ibrahim S (2012) A service-oriented security reference architecture. Int J Adv Comput Sci Inf Technol (IJACSIT) 1(1):25–31Google Scholar
  49. 49.
    Dodani M (2010) On ‘cloud nine’ through architecture. J Object Technol 9(3):31–39. doi: 10.5381/jot.2010.9.3.c3, ISSN 1660-1769
  50. 50.
    IBM (2013) IBM cloud computing reference architecture 3.0—security. Technical report, IBM Developer Works, IBM CorporationGoogle Scholar
  51. 51.
    OAuth (2014) The OAuth 2.0 authorization framework. Web page, OAuthGoogle Scholar
  52. 52.
    Okuhara M, Shiozaki T, Suzuki T (2010) Security architectures for cloud computing. Fujitsu Sci Tech J (FSTJ) 46(4):397–402Google Scholar
  53. 53.
    Amazon Web Services (2014) Amazon Web Services: overview of security processes. Technical report, Inc.Google Scholar
  54. 54.
    Cisco HyTrust, VMware, Savvis, Coalfire (2011) PCI-compliant cloud reference architecture. White paper, Payment Card Industry Security Standard Council Data Security StandardGoogle Scholar
  55. 55.
    VMWare, SAVVIS (2009) Securing the cloud: a review of cloud computing, security implications and best practices. White paper, VMware Inc.Google Scholar
  56. 56.
    Wilkins M (2011) Oracle reference architecture: cloud foundation architecture, release 3.0. Technical report E24529–01, Oracle CorporationGoogle Scholar
  57. 57.
    Cisco (2009) Cisco SAFE: a security reference Architecture. White paper, Cisco SystemsGoogle Scholar
  58. 58.
    Juniper Networks (2013) Juniper Networks metafabric architecture. White paper, Juniper Networks Inc.Google Scholar
  59. 59.
    Haletky E (2013) Trend Micro deep security reference architecture for the secure hybrid cloud. White paper, Trend MicroGoogle Scholar
  60. 60.
    E Systems (2014) Eucalyptus reference architectures. Technical report, Eucalyptus SystemsGoogle Scholar
  61. 61.
    OSA (2014) SP-011: Cloud computing pattern. Technical repoer, OSAGoogle Scholar
  62. 62.
    Beckers K, Côté I, Faßbender S, Heisel M, Hofbauer S (2013) A pattern-based method for establishing a cloud-specific information security management system. Requir Eng 18(4):343–395. doi: 10.1007/s00766-013-0174-7, ISSN 0947-3602
  63. 63.
    Uzunov AV, Fernandez EB, Falkner K (2012) Engineering security into distributed systems: a survey of methodologies. J Univers Comput Sci 18(20):2920–3006Google Scholar
  64. 64.
    Badger L, Bohn RB, Chandramouli R, Grance T, Karygiannis T, Patt-Corner R, Voas J (2010) Cloud computing use cases. Working document. NISTGoogle Scholar
  65. 65.
    Fowler M (1997) Analysis patterns: reusable objects models. Addison-Wesley Longman, Boston. ISBN 0-201-89542-0Google Scholar
  66. 66.
    Papazoglou M, van den Heuvel WJ (2007) Service oriented architectures: approaches, technologies and research issues. VLDB J 16(3):389–415. doi: 10.1007/s00778-007-0044-3, ISSN 1066-8888
  67. 67.
    Mouratidis H, Islam S, Kalloniatis C, Gritzalis S (2013) A framework to support selection of cloud providers based on security and privacy requirements. J Syst Softw 86(9):2276–2293. doi: 10.1016/j.jss.2013.03.011, ISSN 0164-1212
  68. 68.
    Chappelle D (2013) Security in depth reference architecture, release 3.0. White paper, Oracle Corporation, Redwood ShoresGoogle Scholar
  69. 69.
    Joosen W, Lagaisse B, Truyen E, Handekyn K (2012) Towards application driven security dashboards in future middleware. J Internet Serv Appl 3(1):107–115. doi: 10.1007/s13174-011-0047-6, ISSN 1867-4828
  70. 70.
    Gollmann D (2006) Computer security. Wiley,  LondonGoogle Scholar
  71. 71.
    Harrison NB, Avgeriou P (2010) How do architecture patterns and tactics interact? A model and annotation. J Syst Softw 83(10):1735–1758. doi: 10.1016/j.jss.2010.04.067, ISSN 0164-1212
  72. 72.
    Sindre G, Opdahl A (2005) Eliciting security requirements with misuse cases. Requir Eng 10(1):34–44. doi: 10.1007/s00766-004-0194-4, ISSN 0947-3602
  73. 73.
    Howard M, Lipner S (2006) The security development lifecycle. Microsoft Press, Redmond. ISBN 0735622140Google Scholar
  74. 74.
    Fernandez EB, Hashizume K, Buckley I, Larrondo-Petrie MM, VanHilst M (2010) Web services security: standards and products. In: Gutierrez C, Fernandez-Medina E, Piattini M (eds) Web services security development and architecture: theoretical and practical issues, information science reference. Imprint of: IGI Publishing, Hershey. ISBN 1605669504, 9781605669502Google Scholar
  75. 75.
    Fernández EB, Ajaj O, Buckley I, Delessy-Gassant N, Hashizume K, Larrondo-Petrie MM (2012) A survey of patterns for web services security and reliability standards. Future Internet 4(2):430–450. doi: 10.3390/fi4020430 CrossRefGoogle Scholar
  76. 76.
    Voorsluys W, Broberg J, Venugopal S, Buyya R (2009) Cost of virtual machine live migration in clouds: a performance evaluation. In: Proceedings of the 1st international conference on cloud computing, CloudCom ’09. Springer, Berlin, pp 254–265. doi: 10.1007/978-3-642-10665-1_23, ISBN 978-3-642-10664-4
  77. 77.
    Santos N, Gummadi KP, Rodrigues R (2009) Towards trusted cloud computing. In: Proceedings of the 2009 conference on hot topics in cloud computing, HotCloud’09, USENIX Association, BerkeleyGoogle Scholar
  78. 78.
    Zhang F, Huang Y, Wang H, Chen H, Zang B, (2008) PALM: security preserving VM live migration for systems with VMM-enforced protection. In: Trusted infrastructure technologies conference, 2008. APTC ’08. Third Asia-Pacific, pp 9–18. doi: 10.1109/APTC.2008.15
  79. 79.
    Danev B, Masti RJ, Karame GO, Capkun S (2011) Enabling secure VM-vTPM migration in private clouds. In: Proceedings of the 27th annual computer security applications conference, ACSAC ’11. ACM, New York, pp 187–196. doi: 10.1145/2076732.2076759, ISBN 978-1-4503-0672-0
  80. 80.
    Fernandez EB, Monge R, Hashizume K, (2013) Two patterns for cloud computing: secure virtual machine image repository and cloud policy management point. In: 20th conference on pattern languages of programs (PLoP 2013), Monticello, ILGoogle Scholar
  81. 81.
    Buschmann F, Meunier R, Rohnert H, Sommerlad P, Stal M (1996) Pattern-oriented software architecture: a system of patterns. Wiley, New York. ISBN 0-471-95869-7Google Scholar
  82. 82.
    Fernandez EB, Yoshioka N, Washizaki H (2014) Patterns for cloud firewalls. In: AsianPLoP (pattern languages of programs), TokyoGoogle Scholar
  83. 83.
    Li M, Zang W, Bai K, Yu M, Liu P (2013) MyCloud: supporting user-configured privacy protection in cloud computing. In: Proceedings of the 29th annual computer security applications conference, ACSAC ’13. ACM, New York, pp 59–68. doi: 10.1145/2523649.2523680, ISBN 978-1-4503-2015-3
  84. 84.
    Young W, Leveson NG (2014) An integrated approach to safety and security based on systems theory. Commun ACM 57(2):31–35. doi: 10.1145/2556938, ISSN 0001-0782
  85. 85.
    Hogan M, Liu F, Sokol A, Tong J (2011) NIST cloud computing standards roadmap. Special oublication 500-291, National Institute of Standards and TechnologyGoogle Scholar
  86. 86.
    Montanari M, Campbell R (2011) Attack-resilient compliance monitoring for large distributed infrastructure systems. In: 2011 5th international conference on network and system security (NSS), pp 192–199. doi: 10.1109/ICNSS.2011.6060000
  87. 87.
    Zenoss (2014) Unified monitoring and event management. Technical report, ZenossGoogle Scholar
  88. 88.
    Huang J, Nicol D (2013) Trust mechanisms for cloud computing. J Cloud Comput 2(1). doi: 10.1186/2192-113X-2-9
  89. 89.
    Montanari M, Chan E, Larson K, Yoo W, Campbell RH (2013) Distributed security policy conformance. Comput Secur 33:28–40. doi: 10.1016/j.cose.2012.11.007, ISSN 0167-4048
  90. 90.
    Bernstein D, Vij D (2010) Intercloud security considerations. In: 2010 IEEE second international conference on cloud computing technology and science (CloudCom), pp 537–544. doi: 10.1109/CloudCom.82
  91. 91.
    Buyya R, Ranjan R, Calheiros RN (2009) Modeling and simulation of scalable Cloud computing environments and the CloudSim toolkit: challenges and opportunities. In: 2009 international conference on high performance computing and simulation, HPCS 2009, Leipzig, 21–24 June 2009, pp 1–11. doi: 10.1109/HPCSIM.2009.5192685
  92. 92.
    Kretzschmar M, Golling M (2011) Security management spectrum in future multi-provider Inter-Cloud environments: method to highlight necessary further development. In: 2011 5th international DMTF academic alliance workshop on systems and virtualization Management (SVM), pp 1–8. doi: 10.1109/SVM.2011.6096462
  93. 93.
    Senk C (2013) Adoption of security as a service. J Internet Serv Appl 4(1):11. doi: 10.1186/1869-0238-4-11, ISSN 1867-4828
  94. 94.
    Uzunov AV, Fernandez EB (2014) An extensible pattern-based library and taxonomy of security threats for distributed systems. Comput Stand Interfaces 36(4):734–747. doi: 10.1016/j.csi.2013.12.008, ISSN 0920-5489
  95. 95.
    Fernandez EB, Larrondo-Petrie MM, Sorgente T, VanHilst M (2006) A methodology to develop secure systems using patterns. In: Mouratidis H, Giorgini P (eds) Integrating security and software engineering: advances and future vision. IGI Global, Hershey. ISBN 1599041472Google Scholar

Copyright information

© Springer-Verlag London 2015

Authors and Affiliations

  • Eduardo B. Fernandez
    • 1
    Email author
  • Raul Monge
    • 2
  • Keiko Hashizume
    • 1
  1. 1.Department of Computer and Electrical Engineering and Computer ScienceFlorida Atlantic UniversityBoca RatonUSA
  2. 2.Departament of InformaticsUniversidad Técnica Federico Santa MaríaValparaisoChile

Personalised recommendations