Adaptive Cloud Computing Security

 

Adaptive Cloud Computing Security Management

The cloud computing model introduces a new paradigm shift in computing platforms with highly scalable, distributed, and shared computing resources. This motivates the IT community to outsource their assets for hosting on such third-party computing platforms. However, despite the potential cost savings and revenues reaped by the cloud model, it still has a set of open issues that impact its wide adoption. Security is at the top of these issues. The cloud model introduces a set of new security problems in addition to the existing traditional, technology-related security problems. These problems include loss-of-control, lack-of-trust, data isolation, and tenants’ security controls’ integration. The current cloud computing platforms lack a security platform that can address these security problems while taking the cloud model’s implications into consideration.

In this research project, we work on a new cloud computing security management platform addressing these cloud security problems. The new security platform takes into account key challenges regarding the cloud computing model, including: it is hard to get cloud tenants and service providers to manually customize their shared cloud services’ security; the set of tenants using a given cloud service emerges in real time; and each service tenant has a set of security requirements which usually change over time to reflect new challenges, risks and business objectives. To address these challenges, our platform supports capturing cloud platform, services and security specification details into a set of novel mega-models (multiple related models) that precisely reflect underlying systems’ details. Cloud stakeholders use these models to manage the security of their cloud outsourced IT assets on an abstract level. Then, our security management platform takes the responsibility and automates the realization of these security requirements on target cloud services at runtime.

Identifying the security requirements that need to be enforced usually requires deep experience with system and security details to pinpoint possible threats, vulnerabilities, and attacks. This becomes even worse when services are to be hosted on a public cloud, where services are publicly accessible to malicious users who could exploit services’ vulnerabilities and flaws to breach tenants’ security. Our platform has a novel, extensible, and online signature-based security analysis service that automates service security vulnerability and attack analysis. The outcomes of the security analysis service are used to automate the security patching process.

Furthermore, given that tenants do not have direct control over the shared cloud services, our platform provides a new security monitoring service that automatically realizes tenants’ custom (user-defined) security metrics, required to assess their cloud services’ security, as security probes. It then automatically deploys these probes and collects and analyzes the measurements they generate.

Contact

 malmorsy at swin dot edu dot au

Motivating Scenario

To understand the nature of the security problem we are trying to address in this research, we defined a simple, yet comprehensive, motivating scenario that most probably exists in any cloud platform hosting Software-as-a-Service applications, yet still cannot be satisfied by either the existing security management or security engineering efforts. Here we have SwinSoft, a SaaS business applications development house, which decided to develop Galactic as a SaaS ERP system. During the development of Galactic, SwinSoft used third-party services developed and hosted on BlueCloud and GreenCloud. On the other side, we have three customers interested in using Galactic. However, each tenant has their own security requirements as well as business requirements. The current model requires SwinSoft to customize their service and capture such requirements. However, these security requirements will change over time, which means that we need to revisit the service security capabilities every now and then. Thus, there is a need for a multi-tenant automated security engineering approach that could capture different tenants' requirements and enforce such requirements on the target service at runtime.

 (+61 3) 9214 5725 

Office Location

EN511c

Engineering Building

EN Building - 5th Floor

John Street, Hawthorn

Victoria 3122


Postal Address

Swinburne University of Technology 

Faculty of Information and 

Communication Technologies 

PO Box 218 

Hawthorn, Victoria

Australia 3122 

   

Motivating Scenario

Adaptive-security management framework architecture

The basic idea of our framework is to extend tenants' security management systems to include the cloud outsourced assets. The new framework will be deployed on the cloud platform and used by different tenants. The new platform covers defining security requirements, analysing cloud services, enforcing defined security requirements, and monitoring the security status of the cloud hosted assets. The framework is also based on the NIST-FISMA security management standard, after being revised to fit with the cloud computing model. The framework architecture is inspired by the MAPE-K autonomic computing model introduced by IBM and discussed early in this chapter. Below we discuss the responsibilities of each component of our approach.

Multi-tenant Security, Logical View

Adaptive Security management framework architecture

Alignment of NIST-FISMA Standard to Fit with the Cloud Computing Model

Management Component: This is a model-based security management component that is responsible for capturing services and security details. Service provider system engineers model their services’ architecture, features and behavior, and tenants’ security engineers model and verify their own security objectives, requirements, architecture, and metrics. Both models are then woven together in a tenant secure-system model that guides the next steps of security enforcement and monitoring. This component represents the MAPE-K planning component, where users define the policies or utility functions to be used to manage system adaptation.

Enforcement Component: This component is responsible for integrating specified security details, modeled by different service tenants, with the target cloud services. The existing security management efforts, discussed in the related work chapter, focus mainly on automating security controls’ configuration process. Thus, this point is out of our research scope. Actually, another reason is that these security controls may be deployed outside the cloud platform (inside tenant’s network perimeter). Thus, our focus in this component is to support flexible integration of the security controls within the target cloud services. A common security interface was developed to facilitate the integration task. This interface defines a set of functionalities to be realized by the security vendors through a common security controls’ adaptor. This enables security controls to easily integrate with our enforcement component which integrates with cloud services. This component represents the execute component in the MAPE-K model.

Monitoring Component: This component is responsible for generating the required security probes according to tenants’ specified metrics (captured in the management layer). These probes are then deployed into the cloud services to capture system behavior and generate corresponding measurements/traces. Moreover, this component is responsible for collecting the measurements generated by these probes (according to the metrics’ specified frequencies) and passing such measurements to the analysis component.

Analysis Component: The analysis component is responsible for two main tasks. The first is performing security analysis of the cloud services, including vulnerability and threat analysis. The analysis component analyses the deployed services and their architectures to identify possible flaws and existing security bugs. This helps security engineers from both sides in developing their security models. Moreover, such issues are delegated to the security management component to be incorporated in the security status reports for tenants, as well as to dynamically update the security controls deployed to block the reported security issues. The second task is analysing the measurements reported by the monitoring component against a set of predefined metrics’ stable ranges – e.g. number of incorrect user authentications per day should be less than 3 trials, so the analysis component should analyse the reported measures of incorrect authentications. This may also include taking corrective actions to defend against such probable attacks. This represents the analysis component in the MAPE-K autonomic computing model.
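
The monitoring and analysis steps described above, as an added example that is not part of the original page or the project's code: probe measurements are aggregated per tenant and checked against each tenant's own stable range. The Metric class, the probe line format, the tenant names, the per-user counting and tenantB's threshold of 5 are assumptions made for illustration; tenantA's threshold of 3 follows the page's example.

```python
from collections import Counter
from dataclasses import dataclass

# Hypothetical metric definition: a tenant-chosen measurement and its stable range.
@dataclass(frozen=True)
class Metric:
    tenant: str
    event: str         # event type the probe counts
    max_per_day: int   # stable range is: daily count < max_per_day

# Constructed probe output, one observation per line: "date tenant user event".
SAMPLE_MEASUREMENTS = """\
2024-03-01 tenantA alice auth_fail
2024-03-01 tenantA alice auth_fail
2024-03-01 tenantA alice auth_fail
2024-03-01 tenantA bob auth_fail
2024-03-01 tenantB carol auth_fail
2024-03-01 tenantB carol auth_fail
2024-03-01 tenantB carol auth_fail
2024-03-02 tenantA alice auth_fail
2024-03-01 tenantA alice auth_ok
malformed line
"""

# Each tenant sets its own range for the same shared service (values assumed).
METRICS = [Metric("tenantA", "auth_fail", 3), Metric("tenantB", "auth_fail", 5)]

def collect(raw):
    """Monitoring step: aggregate probe lines into per-tenant, per-day, per-user counts."""
    counts = Counter()
    for line in raw.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed probe output instead of aborting the run
        day, tenant, user, event = parts
        counts[(tenant, day, user, event)] += 1
    return counts

def analyse(counts, metrics):
    """Analysis step: return measurements that fall outside the tenant's stable range."""
    by_key = {(m.tenant, m.event): m for m in metrics}
    violations = []
    for (tenant, day, user, event), n in sorted(counts.items()):
        metric = by_key.get((tenant, event))
        if metric is not None and n >= metric.max_per_day:
            violations.append((tenant, day, user, n))
    return violations

if __name__ == "__main__":
    for violation in analyse(collect(SAMPLE_MEASUREMENTS), METRICS):
        print("outside stable range:", violation)
```

The same three failures are out of range for tenantA but within range for tenantB, which is the multi-tenant point: one shared service, different tenant-defined ranges evaluated over the same probe data.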

Service-Security specification model

System description metamodel

Sample OCL-based architecture security analysis signatures

Publications