Skip to main content
SpringerLink
Log in

Contextualised Security Operation Deployment Through MDS@run.time Architecture

  • Conference paper
  • First Online:
Book cover Service-Oriented Computing - ICSOC 2014 Workshops

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 8954))

  • 995 Accesses

Abstract

The fast development of Cloud-based services and applications have a significant impact on Service Oriented Computing as it provides an efficient support to share data and processes. The de-perimeterised vision involved by these Intelligent Service Clouds lead to new security challenges: providing a consistent protection depending on the business environment conditions and on the deployment platform specific threats and vulnerabilities. To fit this context aware protection deployment challenge, we propose a MDS@run.time architecture, coupling Model Driven Security (MDS) and Models@run.time approaches. By this way, security policies (that can be generated via a MDS process) are interpreted at runtime by a security mediator depending on the context. This proposition is illustrated thanks to a proof of concept prototype plugged on top of the FraSCAti middleware.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.enisa.europa.eu/activities/risk-management/current-risk/risk-management-inventory/rm-isms.

  2. 2.

    http://docs.oasis-open.org/soa-rm/v1.0/soa-rm.html.

  3. 3.

    http://frascati.ow2.org.

  4. 4.

    http://www.oasis-opencsa.org/sca.

  5. 5.

    http://cxf.apache.org.

  6. 6.

    An SCA composite is an SCA component containing a set of SCA components.

  7. 7.

    http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf.

References

  1. Acher, M., Cleve, A., Collet, P., Merle, P., Duchien, L., Lahire, P.: Reverse engineering architectural feature models. In: Crnkovic, I., Gruhn, V., Book, M. (eds.) ECSA 2011. LNCS, vol. 6903, pp. 220–235. Springer, Heidelberg (2011). http://hal.inria.fr/inria-00614984

    Chapter  Google Scholar 

  2. Alam, M., Hafner, M., Breu, R.: Constraint based role based access control in the SECTET-framework a model-driven approach. J. Comput. Secur. 16(2), 223–260 (2008)

    Article  Google Scholar 

  3. Avgerinos, T., Cha, S.K., Rebert, A., Schwartz, E.J., Woo, M., Brumley, D.: Automatic exploit generation. Commun. ACM 57(2), 74–84 (2014). http://doi.acm.org/10.1145/2560217.2560219

    Article  Google Scholar 

  4. Lang, U.: OpenPMF SCaaS: authorization as a service for cloud SOA applications. In: 2010 IEEE Second International Conference on Cloud Computing Technology and Science (CloudCom), pp. 634–643, November 2010

    Google Scholar 

  5. Lucio, L., Zhang, Q., Nguyen, P.H., Amrani, M., Klein, J., Vangheluwe, H., Traon, Y.L.: Chapter 3 - advances in model-driven security. In: Memon, A. (ed.) Advances in Computers, vol. 93, pp. 103–152. Elsevier, Newyork (2014). http://www.sciencedirect.com/science/article/pii/B9780128001622000038

    Google Scholar 

  6. Modi, C., Patel, D., Borisanya, B., Patel, A., Rajarajan, M.: A novel framework for intrusion detection in cloud. In: Proceedings of the Fifth International Conference on Security of Information and Networks (SIN 2012), pp. 67–74. ACM, New York (2012). http://doi.acm.org/10.1145/2388576.2388585

  7. Ouedraogo, W.F., Biennier, F., Ghodous, P.: Adaptive security policy model to deploy business process in cloud infrastructure. In: 2nd International Conference on Cloud Computing and Services Science (CLOSER 2012), pp. 287–290 (2012)

    Google Scholar 

  8. Paraiso, F., Haderer, N., Merle, P., Rouvoy, R., Seinturier, L.: A federated multi-cloud paas infrastructure. In: 5th International Conference on Cloud Computing (CLOUD 2012), pp. 392–399. IEEE (2012)

    Google Scholar 

  9. Paraiso, F., Merle, P., Seinturier, L.: soCloud: A service-oriented component-based PaaS for managing portability, provisioning, elasticity and high availability across multiple clouds. Special Issue on Cloud Computing, Computing Journal, Springer (To appear) (2015)

    Google Scholar 

  10. Seinturier, L., Merle, P., Fournier, D., Dolet, N., Schiavoni, V., Stefani, J.B.: Reconfigurable SCA applications with the FraSCAti platform. In: IEEE International Conference on Services Computing (SCC 2009), pp. 268–275. IEEE (2009)

    Google Scholar 

  11. Seinturier, L., Merle, P., Rouvoy, R., Romero, D., Schiavoni, V., Stefani, J.B.: A component-based middleware platform for reconfigurable service-oriented architectures. Softw. Pract. Exp. 42(5), 559–583 (2012)

    Article  Google Scholar 

  12. Wolter, C., Menzel, M., Schaad, A., Miseldine, P., Meinel, C.: Model-driven business process security requirement specification. J. Sys. Archit. (JSA) 55(4), 211–223 (2009)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Université de Lyon, CNRS INSA-Lyon, LIRIS UMR 5205, 20 avenue Albert Einstein, 69621, Villeurbanne Cedex, France

    Wendpanga Francis Ouedraogo & Frédérique Biennier

  2. Inria Lille - Nord Europe, Parc Scientifique de la Haute Borne, 40 avenue Halley, 59650, Villeneuve d’Ascq, France

    Philippe Merle

Authors
  1. Wendpanga Francis Ouedraogo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Frédérique Biennier
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Philippe Merle
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Wendpanga Francis Ouedraogo .

Editor information

Editors and Affiliations

  1. Blaise Pascal University, Aubiere, France

    Farouk Toumani

  2. Politecnico di Milano, Milano, Italy

    Barbara Pernici

  3. Université Paris Dauphine, Paris, France

    Daniela Grigori

  4. Université Claude Bernard Lyon 1, Villeurbanne, France

    Djamal Benslimane

  5. Vienna University of Economics, Vienna, Austria

    Jan Mendling

  6. National Engineering School of Tunis, Tunis, Tunisia

    Nejib Ben Hadj-Alouane

  7. University of Miami, Coral Gables, Florida, USA

    Brian Blake

  8. University Lorraine, Nancy, France

    Olivier Perrin

  9. University of Miami, Coral Gables, Florida, USA

    Iman Saleh Moustafa

  10. Telecom SudParis, Evry, France

    Sami Bhiri

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ouedraogo, W.F., Biennier, F., Merle, P. (2015). Contextualised Security Operation Deployment Through MDS@run.time Architecture. In: Toumani, F., et al. Service-Oriented Computing - ICSOC 2014 Workshops. Lecture Notes in Computer Science(), vol 8954. Springer, Cham. https://doi.org/10.1007/978-3-319-22885-3_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-22885-3_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22884-6

  • Online ISBN: 978-3-319-22885-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation