Article Preview
Top1. Introduction
Cloud service providers control remotely available services and data, which are often connected with other services. Consequently, ensuring security and privacy (S&P) in cloud services is critical. Many of the cloud security and privacy issues are also true for any kind of distributed system; however, cloud architectures bring new attacks (Fernandez, Monge & Hashizume, 2016). Besides, clouds may store large amounts of sensitive information such as users’ personal information. Thus, the result of a successful attack could be catastrophic because an attacker may compromise data from many users (Fernandez, Monge & Hashizume, 2016).
Because software engineers are not necessarily experts in S&P, resolving S&P concerns throughout the software lifecycle is challenging. Software patterns are abstractions from recurring concrete problems and corresponding solutions that appear in non-arbitrary contexts (Riehle & Zullighoven, 1996) (Fernandez, Yoshioka & Washizaki, 2008) (Nhlabatsi, et al., 2010) (Fernandez, et al., 2014) (Fernandez, et al., 2018) (Washizaki, 2017) (Washizaki, et al., 2018). Besides the numerous cloud S&P patterns reported to date (Hashizume, Yoshioka & Fernandez, 2011) (Hashizume, Yoshioka & Fernandez, 2012) (Reimer, Abraham & Tan, 2013) (Fernandez, Yoshioka & Washizaki, 2014) (Fernandez, Yoshioka & Washizaki, 2015) (Fernandez, Yoshioka & Washizaki, 2015) (Fernandez, Yoshioka & Washizaki, 2016) (Rath, 2018), non-pattern-based knowledge (e.g., practice and principles) is used to handle S&P issues in cloud service development. The sheer volume of S&P patterns and non-pattern-based knowledge makes selecting the appropriate knowledge or combination of patterns and knowledge challenging. Although this issue is relevant to S&P patterns in general, it is more critical in cloud services. First, cloud services and their underlying mechanisms are integrated over multiple layers in a layered cloud stack. Second, a cloud system links numerous devices, and each device has its own deployment model and service. This intertwined system leads to many concerns, including S&P.
The above issues can be mitigated via reference architectures or metamodels that capture and encapsulate the essential concepts related to S&P in layered cloud stacks. Previously, we reported an earlier version of the metamodel (Washizaki, et al., 2016) (Xia, et al., 2018). This study proposes an extension called the “Cloud Security and Privacy Metamodel (CSPM)” to address S&P in cloud services. CSPM integrates and extends existing cloud security metamodels with newly added concepts. CSPM can be used for supporting cloud service development and maintenance (Figure 1). CSPM describes S&P-related knowledge over multiple layers. Besides selecting and combining the appropriate patterns to address S&P issues, CSPM can be used for designing high-level architectures of cloud service systems effectively and efficiently.
As an extension to our previous research, we conducted experiments and a case study to address the following questions:
RQ1: Can CSPM resolve S&P problems and help application of the corresponding patterns?
RQ2: Can CSPM improve the system by efficiently providing S&P solutions?
RQ3: Can CSPM and the corresponding process using CSPM be deployed in practical real-world applications?
RQs 1 and 2 evaluate CSPM from two viewpoints. RQ3 demonstrates the usability of our approach for the metamodel itself and the process we propose. The case study, which involves an application similar to a commercial one using a conventional cloud platform, suggests that CSPM has practical applications in industrial development. Tools such as this metamodel should contribute to the ubiquity of patterns to develop secure systems.
The novel contributions of this paper are as follows:
- 1.
We proposed CSPM, which is a metamodel as the basis for describing S&P-related knowledge over multiple cloud layers. To the best of our knowledge, CSPM is the first metamodel to uniformly handle security-related concepts as well as privacy-related ones over multiple layers.
- 2.
We proposed a S&P awareness process by using CSPM for developing cloud services.
- 3.
We conducted a controlled experiment and a case study based on the proposed process to evaluate the effectiveness of the problem analysis and solution design supported by CSPM.