Building a security reference architecture for cloud systems

  • Original Article
Requirements Engineering

Abstract

Reference architectures (RAs) are useful tools to understand and build complex systems, and many cloud providers and software product vendors have developed versions of them. RAs describe at an abstract level (no implementation details) the main features of their cloud systems. Security is a fundamental concern in clouds and several cloud vendors provide security reference architectures (SRAs) to describe the security features of their services. A SRA is an abstract architecture describing a conceptual model of security for a cloud system and provides a way to specify security requirements for a wide range of concrete architectures. We propose here a method to build a SRA for clouds defined using UML models and patterns, which goes beyond existing models in providing a global view and a more precise description. We present a metamodel as well as security and misuse patterns for this purpose. We validate our approach by showing that it can describe more precisely existing models and that it has a variety of uses. We describe in detail one of these uses, a way of evaluating the security level of a SRA.

Notes

  1. with no implementation details.

  2. A pattern composed of simpler patterns.

  3. A secure architecture is a specific architecture with some security properties, while a SRA is a generic model representing the security features of any architecture.

  4. Party is also a pattern [65].

  5. Note that this is more precise than using misuse cases [72].

  6. As there is no pattern for this function, we can consider it a “best practice”.

  7. It lacks sections Example, Implementation, Known Uses, Consequences, and Related Patterns.

  8. An attack (threat) pattern describes a specific step leading to a misuse [94]; e.g., using a stolen credential to have access to a DBMS where we can perform a misuse by using SQL injection.

References

  1. Clarke R (2013) Data risks in the cloud. J Theor Appl Electron Commer Res 8(3):59–73. doi:10.4067/S0718-18762013000300005, ISSN 0718-1876

  2. Hashizume K, Rosado DG, Fernández-Medina E, Fernández EB (2013) An analysis of security issues for cloud computing. J Internet Serv Appl 4(1). doi:10.1186/1869-0238-4-5

  3. Avgeriou P (2003) Describing, instantiating and evaluating a reference architecture: a case study. Enterp Archit J

  4. Taylor RN, Medvidovic N, Dashofy EM (2009) Software architecture: foundations, theory, and practice. Wiley, London. ISBN 0470167742, 9780470167748

  5. HP (2011) Understanding the HP CloudSystem Reference Architecture. White paper, Hewlett-Packard Development Company

  6. IBM (2012) IBM SmartCloud. White paper, IBM Corporation

  7. Microsoft Global Foundation Services (2009) Securing Microsoft’s cloud infrastructure. Technical report, Microsoft

  8. NIST Cloud Computing Security Working Group (2013) NIST cloud computing security reference architecture. Working document, NIST

  9. Campbell RH, Montanari M, Farivar R (2012) A middleware for assured clouds. J Internet Serv Appl 3(1):87–94. doi:10.1007/s13174-011-0044-9

  10. Hafner M, Memon M, Breu R (2009) SeAAS—a reference architecture for security services in SOA. J UCS 15(15):2916–2936

  11. Hashizume K, Fernandez EB, Larrondo-Petrie MM (2012) Cloud service model patterns. In: 19th international conference on pattern languages of programs (PLoP2012), Tucson, AZ

  12. Hashizume K, Fernandez EB, Larrondo-Petrie M (2012) Cloud infrastructure pattern. In: First international symposium on software architecture and patterns. LACCEI, Panama City, Panama, pp 23–27

  13. Fernandez EB (2013) Security patterns in practice: designing secure architectures using software patterns, 1st edn. Wiley, London. ISBN 1119998948

  14. Hashizume K, Yoshioka N, Fernandez EB (2013) Three misuse patterns for cloud computing. In: Rosado DG, Mellado D, Fernandez-Medina E, Piattini MG (eds) Security engineering for cloud computing: approaches and tools. IGI Global, Hershey, pp 36–53. doi:10.4018/978-1-4666-2125-1.ch003

  15. Angelov S, Grefen P, Greefhorst D (2012) A framework for analysis and design of software reference architectures. Inf Softw Technol 54(4):417–431. doi:10.1016/j.infsof.2011.11.009, ISSN 0950-5849

  16. CSA (2011) Quick guide to the reference architecture TCI (trusted cloud initiative). Technical report, Cloud Security Alliance

  17. Warmer J, Kleppe A (2003) The object constraint language: getting your models ready for MDA, 2nd edn. Addison-Wesley Longman, Boston. ISBN 0321179366

  18. Garavel H, Graf S (2013) Formal methods for safe and secure computer systems. Technical report. BSI Study 875, Federal Office for Information Security, Bonn

  19. Brown A, Apple B, Michael JB, Schumann MA (2012) Atomic-level security for web applications in a cloud environment. IEEE Comput 45(12):80–83. doi:10.1109/MC.2012.400

  20. Fernández EB, Washizaki H, Yoshioka N, VanHilst M (2011) An approach to model-based development of secure and reliable systems. In: Sixth international conference on availability, reliability and security, ARES, pp 260–265, Vienna. doi:10.1109/ARES.2011.45

  21. Delessy N, Fernandez EB, Larrondo-Petrie MM (2007) A pattern language for identity management. In: Proceedings of the international multi-conference on computing in the global information technology, ICCGI ’07, p 31, IEEE Computer Society, Washington, DC. doi:10.1109/ICCGI.2007.5, ISBN 0-7695-2798-1

  22. Braz FA, Fernández EB, VanHilst M (2008) Eliciting security requirements through misuse activities. In: 19th international workshop on database and expert systems applications (DEXA 2008), 1–5 Sept 2008, Turin, pp 328–333. doi:10.1109/DEXA.2008.101

  23. Fernandez EB, Yoshioka N, Washizaki H, Yoder J (2014) Abstract security patterns for requirements specification and analysis of secure systems. In: WER 2014 conference, a track of the 17th Ibero-American conference on software engineering (CIbSE 2014), Pucon, Chile

  24. Fernandez E, Yuan X (2000) Semantic analysis patterns. In: Laender A, Liddle S, Storey V (eds) Conceptual modeling—ER 2000, vol 1920 of lecture notes in computer science. Springer, Berlin, pp 183–195. doi:10.1007/3-540-45393-8_14, ISBN 978-3-540-41072-0

  25. Fernandez E, Pelaez J, Larrondo-Petrie M (2007) Attack patterns: a new forensic and design tool. In: Craiger P, Shenoi S (eds) Advances in digital forensics III, vol 242 of IFIP—The International Federation for Information Processing. Springer, New York, pp 345–357. doi:10.1007/978-0-387-73742-3_24, ISBN 978-0-387-73741-6

  26. Fernández EB, Yoshioka N, Washizaki H (2009) Modeling misuse patterns. In: Proceedings of the fourth international conference on availability, reliability and security, ARES 2009, 16–19 March, 2009, Fukuoka, pp 566–571. doi:10.1109/ARES.2009.139

  27. Fowler M (2002) Patterns of enterprise application architecture. Addison-Wesley Longman, Boston. ISBN 0321127420

  28. Liu F, Tong J, Mao J, Bohn R, Messina J, Badger L, Leaf D (2011) Cloud computing reference architecture. Special publication 500-292, NIST

  29. Stricker V, Lauenroth K, Corte P, Gittler F, Panfilis SD, Pohl K (2010) Creating a reference architecture for service-based systems—a pattern-based approach. In: Towards the future internet—emerging trends from European research, pp 149–160. doi:10.3233/978-1-60750-539-6-149

  30. Muller G, van de Laar P (2009) Researching reference architectures and their relationships with frameworks, methods, techniques, and tools. In: Kalawsky R, O’Brien J, Goonetilleke T, Grocott C (eds) 7th annual conference on systems engineering research (CSER 2009). Research School of Systems Engineering, Loughborough University, Loughborough

  31. Uzunov AV, Fernandez EB, Falkner K (2012) Securing distributed systems using patterns: a survey. Comput Secur 31(5):681–703. doi:10.1016/j.cose.2012.04.005, ISSN 0167-4048

  32. Object Management Group (2014) Unified Modeling Language™ (UML®) Tech. rep., Object Management Group Inc

  33. Medvidovic N, Taylor R (2000) A classification and comparison framework for software architecture description languages. IEEE Trans Softw Eng 26(1):70–93. doi:10.1109/32.825767, ISSN 0098-5589

  34. OWASP (2013) OWASP Top 10—2013: the ten most critical web application security risks. Technical report, The OWASP Foundation

  35. Chonka A, Xiang Y, Zhou W, Bonti A (2011) Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks. J Netw Comput Appl 34(4):1097–1107. doi:10.1016/j.jnca.2010.06.004, ISSN 1084-8045

  36. Fernandes D, Soares L, Gomes J, Freire M, Inácio P (2014) Security issues in cloud environments: a survey. Int J Inf Secur 13(2):113–170. doi:10.1007/s10207-013-0208-7, ISSN 1615-5262

  37. Ryan MD (2013) Cloud computing security: the scientific challenge, and a survey of solutions. J Syst Softw 86(9):2263–2268. doi:10.1016/j.jss.2012.12.025, ISSN 0164-1212

  38. Kalloniatis C, Mouratidis H, Vassilis M, Islam S, Gritzalis S, Kavakli E (2014) Towards the design of secure and privacy-oriented information systems in the cloud: identifying the major concepts. Comput Stand Interfaces 36(4):75–759. doi:10.1016/j.csi.2013.12.010, ISSN 0920-5489

  39. Tsugawa M, Matsunaga A, Fortes JA (2014) Cloud computing security: what changes with software-defined networking? In: Jajodia S, Kant K, Samarati P, Singhal A, Swarup V, Wang C (eds) Secure cloud computing. Springer, New York, pp 77–93. doi:10.1007/978-1-4614-9278-8_4, ISBN 978-1-4614-9277-1

  40. Prolexic (2012) DDoS Denial of service protection and the cloud. White paper Prolexic Technologies Inc

  41. Modi C, Patel D, Borisaniya B, Patel H, Patel A, Rajarajan M (2013) A survey of intrusion detection techniques in Cloud. J Netw Comput Appl 36(1):42–57. doi:10.1016/j.jnca.2012.05.003, ISSN 1084-8045

  42. Juels A, Oprea A (2013) New approaches to security and availability for cloud data. Commun ACM 56(2):64–73. doi:10.1145/2408776.2408793, ISSN 0001-0782

  43. EMA (2010) Securing the administration of virtualization. Market research report, Enterprise Management Associates

  44. Moscato F, Aversa R, Di Martino B, Fortis T, Munteanu V (2011) An analysis of mOSAIC ontology for Cloud resources annotation. In: 2011 federated conference on computer science and information systems (FedCSIS), pp 973–980

  45. Zhang M, Ranjan R, Haller A, Georgakopoulos D, Menzel M, Nepal S (2012) An ontology-based system for cloud infrastructure services’ discovery. In: 2012 8th international conference on collaborative computing: networking, applications and worksharing (CollaborateCom), pp 524–530

  46. Lombardi F, Pietro RD (2011) Secure virtualization for cloud computing. J Netw Comput Appl 34(4):1113–1122. doi:10.1016/j.jnca.2010.06.008, ISSN 1084-8045

  47. Malik S, Khan S, Srinivasan S (2013) Modeling and analysis of state-of-the-art VM-based cloud management platforms. IEEE Trans Cloud Comput 1(1):1–1. doi:10.1109/TCC.2013.3, ISSN 2168-7161

  48. Kalantari A, Esmaeli A, Ibrahim S (2012) A service-oriented security reference architecture. Int J Adv Comput Sci Inf Technol (IJACSIT) 1(1):25–31

  49. Dodani M (2010) On ‘cloud nine’ through architecture. J Object Technol 9(3):31–39. doi:10.5381/jot.2010.9.3.c3, ISSN 1660-1769

  50. IBM (2013) IBM cloud computing reference architecture 3.0—security. Technical report, IBM Developer Works, IBM Corporation

  51. OAuth (2014) The OAuth 2.0 authorization framework. Web page, OAuth

  52. Okuhara M, Shiozaki T, Suzuki T (2010) Security architectures for cloud computing. Fujitsu Sci Tech J (FSTJ) 46(4):397–402

  53. Amazon Web Services (2014) Amazon Web Services: overview of security processes. Technical report, Amazon.com Inc.

  54. Cisco HyTrust, VMware, Savvis, Coalfire (2011) PCI-compliant cloud reference architecture. White paper, Payment Card Industry Security Standard Council Data Security Standard

  55. VMWare, SAVVIS (2009) Securing the cloud: a review of cloud computing, security implications and best practices. White paper, VMware Inc.

  56. Wilkins M (2011) Oracle reference architecture: cloud foundation architecture, release 3.0. Technical report E24529–01, Oracle Corporation

  57. Cisco (2009) Cisco SAFE: a security reference Architecture. White paper, Cisco Systems

  58. Juniper Networks (2013) Juniper Networks metafabric architecture. White paper, Juniper Networks Inc.

  59. Haletky E (2013) Trend Micro deep security reference architecture for the secure hybrid cloud. White paper, Trend Micro

  60. E Systems (2014) Eucalyptus reference architectures. Technical report, Eucalyptus Systems

  61. OSA (2014) SP-011: Cloud computing pattern. Technical report, OSA

  62. Beckers K, Côté I, Faßbender S, Heisel M, Hofbauer S (2013) A pattern-based method for establishing a cloud-specific information security management system. Requir Eng 18(4):343–395. doi:10.1007/s00766-013-0174-7, ISSN 0947-3602

  63. Uzunov AV, Fernandez EB, Falkner K (2012) Engineering security into distributed systems: a survey of methodologies. J Univers Comput Sci 18(20):2920–3006

  64. Badger L, Bohn RB, Chandramouli R, Grance T, Karygiannis T, Patt-Corner R, Voas J (2010) Cloud computing use cases. Working document. NIST

  65. Fowler M (1997) Analysis patterns: reusable objects models. Addison-Wesley Longman, Boston. ISBN 0-201-89542-0

  66. Papazoglou M, van den Heuvel WJ (2007) Service oriented architectures: approaches, technologies and research issues. VLDB J 16(3):389–415. doi:10.1007/s00778-007-0044-3, ISSN 1066-8888

  67. Mouratidis H, Islam S, Kalloniatis C, Gritzalis S (2013) A framework to support selection of cloud providers based on security and privacy requirements. J Syst Softw 86(9):2276–2293. doi:10.1016/j.jss.2013.03.011, ISSN 0164-1212

  68. Chappelle D (2013) Security in depth reference architecture, release 3.0. White paper, Oracle Corporation, Redwood Shores

  69. Joosen W, Lagaisse B, Truyen E, Handekyn K (2012) Towards application driven security dashboards in future middleware. J Internet Serv Appl 3(1):107–115. doi:10.1007/s13174-011-0047-6, ISSN 1867-4828

  70. Gollmann D (2006) Computer security. Wiley, London

  71. Harrison NB, Avgeriou P (2010) How do architecture patterns and tactics interact? A model and annotation. J Syst Softw 83(10):1735–1758. doi:10.1016/j.jss.2010.04.067, ISSN 0164-1212

  72. Sindre G, Opdahl A (2005) Eliciting security requirements with misuse cases. Requir Eng 10(1):34–44. doi:10.1007/s00766-004-0194-4, ISSN 0947-3602

  73. Howard M, Lipner S (2006) The security development lifecycle. Microsoft Press, Redmond. ISBN 0735622140

  74. Fernandez EB, Hashizume K, Buckley I, Larrondo-Petrie MM, VanHilst M (2010) Web services security: standards and products. In: Gutierrez C, Fernandez-Medina E, Piattini M (eds) Web services security development and architecture: theoretical and practical issues, information science reference. Imprint of: IGI Publishing, Hershey. ISBN 1605669504, 9781605669502

  75. Fernández EB, Ajaj O, Buckley I, Delessy-Gassant N, Hashizume K, Larrondo-Petrie MM (2012) A survey of patterns for web services security and reliability standards. Future Internet 4(2):430–450. doi:10.3390/fi4020430

  76. Voorsluys W, Broberg J, Venugopal S, Buyya R (2009) Cost of virtual machine live migration in clouds: a performance evaluation. In: Proceedings of the 1st international conference on cloud computing, CloudCom ’09. Springer, Berlin, pp 254–265. doi:10.1007/978-3-642-10665-1_23, ISBN 978-3-642-10664-4

  77. Santos N, Gummadi KP, Rodrigues R (2009) Towards trusted cloud computing. In: Proceedings of the 2009 conference on hot topics in cloud computing, HotCloud’09, USENIX Association, Berkeley

  78. Zhang F, Huang Y, Wang H, Chen H, Zang B (2008) PALM: security preserving VM live migration for systems with VMM-enforced protection. In: Trusted infrastructure technologies conference, 2008. APTC ’08. Third Asia-Pacific, pp 9–18. doi:10.1109/APTC.2008.15

  79. Danev B, Masti RJ, Karame GO, Capkun S (2011) Enabling secure VM-vTPM migration in private clouds. In: Proceedings of the 27th annual computer security applications conference, ACSAC ’11. ACM, New York, pp 187–196. doi:10.1145/2076732.2076759, ISBN 978-1-4503-0672-0

  80. Fernandez EB, Monge R, Hashizume K (2013) Two patterns for cloud computing: secure virtual machine image repository and cloud policy management point. In: 20th conference on pattern languages of programs (PLoP 2013), Monticello, IL

  81. Buschmann F, Meunier R, Rohnert H, Sommerlad P, Stal M (1996) Pattern-oriented software architecture: a system of patterns. Wiley, New York. ISBN 0-471-95869-7

  82. Fernandez EB, Yoshioka N, Washizaki H (2014) Patterns for cloud firewalls. In: AsianPLoP (pattern languages of programs), Tokyo

  83. Li M, Zang W, Bai K, Yu M, Liu P (2013) MyCloud: supporting user-configured privacy protection in cloud computing. In: Proceedings of the 29th annual computer security applications conference, ACSAC ’13. ACM, New York, pp 59–68. doi:10.1145/2523649.2523680, ISBN 978-1-4503-2015-3

  84. Young W, Leveson NG (2014) An integrated approach to safety and security based on systems theory. Commun ACM 57(2):31–35. doi:10.1145/2556938, ISSN 0001-0782

  85. Hogan M, Liu F, Sokol A, Tong J (2011) NIST cloud computing standards roadmap. Special publication 500-291, National Institute of Standards and Technology

  86. Montanari M, Campbell R (2011) Attack-resilient compliance monitoring for large distributed infrastructure systems. In: 2011 5th international conference on network and system security (NSS), pp 192–199. doi:10.1109/ICNSS.2011.6060000

  87. Zenoss (2014) Unified monitoring and event management. Technical report, Zenoss

  88. Huang J, Nicol D (2013) Trust mechanisms for cloud computing. J Cloud Comput 2(1). doi:10.1186/2192-113X-2-9

  89. Montanari M, Chan E, Larson K, Yoo W, Campbell RH (2013) Distributed security policy conformance. Comput Secur 33:28–40. doi:10.1016/j.cose.2012.11.007, ISSN 0167-4048

  90. Bernstein D, Vij D (2010) Intercloud security considerations. In: 2010 IEEE second international conference on cloud computing technology and science (CloudCom), pp 537–544. doi:10.1109/CloudCom.82

  91. Buyya R, Ranjan R, Calheiros RN (2009) Modeling and simulation of scalable Cloud computing environments and the CloudSim toolkit: challenges and opportunities. In: 2009 international conference on high performance computing and simulation, HPCS 2009, Leipzig, 21–24 June 2009, pp 1–11. doi:10.1109/HPCSIM.2009.5192685

  92. Kretzschmar M, Golling M (2011) Security management spectrum in future multi-provider Inter-Cloud environments: method to highlight necessary further development. In: 2011 5th international DMTF academic alliance workshop on systems and virtualization Management (SVM), pp 1–8. doi:10.1109/SVM.2011.6096462

  93. Senk C (2013) Adoption of security as a service. J Internet Serv Appl 4(1):11. doi:10.1186/1869-0238-4-11, ISSN 1867-4828

  94. Uzunov AV, Fernandez EB (2014) An extensible pattern-based library and taxonomy of security threats for distributed systems. Comput Stand Interfaces 36(4):734–747. doi:10.1016/j.csi.2013.12.008, ISSN 0920-5489

  95. Fernandez EB, Larrondo-Petrie MM, Sorgente T, VanHilst M (2006) A methodology to develop secure systems using patterns. In: Mouratidis H, Giorgini P (eds) Integrating security and software engineering: advances and future vision. IGI Global, Hershey. ISBN 1599041472

Acknowledgements

We thank the reviewers for their careful evaluation and their suggestions that significantly improved the paper. The work of Eduardo Fernandez was supported by the Chilean agency CONICYT, under research contract 80120008.

Author information

Corresponding author

Correspondence to Eduardo B. Fernandez.

About this article

Cite this article

Fernandez, E.B., Monge, R. & Hashizume, K. Building a security reference architecture for cloud systems. Requirements Eng 21, 225–249 (2016). https://doi.org/10.1007/s00766-014-0218-7

  • DOI: https://doi.org/10.1007/s00766-014-0218-7
