A security reference architecture for cloud systems

Fernández, Eduardo B.; Monge, Raúl

doi:10.1145/2578128.2578229

Cited by 6 publications

(3 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, Hamid et al (Hamid et al, 2013) have used S&D patterns because their research is focused on embedded systems. Another example is the work of Fernandez and Monge (Fernandez and Monge, 2014) in which they use cloudspecific patterns when discussing a security reference architecture for cloud systems. Attempting to research the usage of security patterns by limiting the scope to a specific environment or a specific set of patterns might have some drawbacks.…”

Section: Research Efforts Towards Security Pattern Usage (Rq10 Rq11mentioning

confidence: 99%

Security patterns: A systematic mapping study

Jafari

Rasoolzadegan

2020

Journal of Computer Languages

View full text Add to dashboard Cite

Security patterns are a means to encapsulate and communicate proven security solutions. They are wellestablished approaches for introducing security into the software development process. Our objective is to explore the research efforts on security patterns and discuss the current state of the art. This study will serve as a guideline for researchers, practitioners, and teachers interested in this field. We have conducted a systematic mapping study of relevant literature from 1997 until the end of 2017 and identified 403 relevant papers, 274 of which were selected for analysis based on quality criteria. This study derives a customized research strategy from established systematic approaches in the literature. We have utilized an exhaustive 3-tier search strategy to ensure a high degree of completeness during the study collection and used a test set to evaluate our search. The first 3 research questions address the demographics of security pattern research such as topic classification, trends, and distribution between academia and industry, along with prominent researchers and venues. The next 9 research questions focus on more indepth analyses such as pattern presentation notations and classification criteria, pattern evaluation techniques, and pattern usage environments. The results and discussions of this study have significant implications for researchers, practitioners, and teachers in software engineering and information security. to the end of 2017 Security pattern related research (Development, Evaluation, Usage)TABLE 1 COMPARISON BETWEEN OUR WORK AND OTHER REVIEWSpattern research and instead, attempted to cover the entire research spectrum in this field. We initially planned to utilize only two search strategies (manual search and backward snowballing), but we found that these two approaches were lacking in a few specific instances. The issue with backward snowballing and manual search is that they rely on the cross-reference relationship between research papers. Papers referenced from multiple other papers, or published in commonly occurring venues are easily discovered, whereas isolated papers in unexpected venues have a chance of never being found. Another issue with backward snowballing stems from its backward nature. The search period for our study was up to the end of 2017, but to find 2017 papers through backward snowballing, we had to analyze papers published after that period (2018 and up) which was out of our scope. Similarly, newer papers with fewer citations are hard to discover through backward snowballing. Adding a database search proved beneficial as we discovered 97 new papers, 64 of which were included.The time period for the study of Uzunov et al. (Uzunov et al., 2012) and Yoshioka et al. (Yoshioka et al., 2008) in Table 1 are not explicitly stated, but are extracted based on the references list. In the work of Bunke et al. (Bunke et al., 2012), the mentioned number of studies consists of other non-primary studies (e.g. tech reports, books, surveys). This work utilizes three search strat...

show abstract

Section: Research Efforts Towards Security Pattern Usage (Rq10 Rq11mentioning

confidence: 99%

Security patterns: A systematic mapping study

Jafari

Rasoolzadegan

2020

Journal of Computer Languages

View full text Add to dashboard Cite

show abstract

“…There is a significant number of security pattern research in software engineering [8,9,[70][71][72][73][74][75]. However, that research focused on general topic and not particularly on the Cloud.…”

Section: Related Workmentioning

confidence: 99%

“…In order to realise this requirement, the Cloud SaaS community is in overwhelming need for structured information about best security practices and security knowledge, to help them design and develop secure Cloud SaaS. So far, there is some research [4][5][6][7][8][9][10][11][12][13][14] on security patterns, and they tend to address a specific security area (e.g., OWASP [11,14] web development security guideline where the focus is only on how to develop a secure code and how to prevent cyber attacks) and do not cover many important aspects, such as privacy and governance. Moreover, there is a lack of structured and united information about security best practices and security knowledge that SaaS developer can use as a guideline for developing Cloud SaaS application from the ground up.…”

Section: Introductionmentioning

confidence: 99%

Security Pattern for Cloud SaaS: From System and Data Security to Privacy Case Study in AWS and Azure

et al. 2019

View full text Add to dashboard Cite

The Cloud is fast becoming a popular platform for SaaS, a popular software delivery model. This is because the Cloud has many advantages over the traditional private infrastructure, such as increased flexibility, no maintenance, less management burden, easy access and easy to share information. However, there are many concerns around issues like system security, communication security, data security, privacy, latency and availability. In addition, when designing and developing Cloud SaaS application, these security issues need to be addressed in order to ensure regulatory compliance, security and trusted environment for Cloud SaaS users. In this paper, we explore the security patterns for Cloud SaaS. We work on the patterns covering different security aspects from system and data security to privacy. Our goal is to produce the security best practices and security knowledge documentation that SaaS developer can use as a guideline for developing Cloud SaaS applications from the ground up. In addition to that, we also provide a case study of security patterns and solutions in AWS and Azure.

show abstract

Analysis of cloud services using OWASP security design

Poongavanam,

et al. 2023

2023 International Conference on Research Methodologies in Knowledge Management, Artificial Intelligence and Telecommunication

View full text Add to dashboard Cite

A security reference architecture for cloud systems

Cited by 6 publications

References 4 publications

Security patterns: A systematic mapping study

Security patterns: A systematic mapping study

Security Pattern for Cloud SaaS: From System and Data Security to Privacy Case Study in AWS and Azure

Analysis of cloud services using OWASP security design

Contact Info

Product

Resources

About