Title :
Evaluating Security Properties of Architectures in Unpredictable Environments: A Case for Cloud
Author :
Faniyi, Funmilade ; Bahsoon, Rami ; Evans, Andy ; Kazman, Rick
Author_Institution :
Univ. of Birmingham, Birmingham, UK
Abstract :
The continuous evolution and unpredictability underlying service-based systems leads to difficulties in making exact QoS claims about the dependability of architectures interfacing with them. Hence, there is a growing need for new methods to evaluate the dependability of architectures interfacing with such environments. This paper presents a method for evaluating the security quality attribute of architectures in service-based systems. The proposed method combines some properties of the Architectural Tradeoff Analysis Method (ATAM) and security testing using Implied Scenario. In particular, the scenario elicitation process of ATAM is improved by utilising Implied Scenario technique to generate scenarios which may be undetected using plain ATAM. An industrial case study of a problem related to securing data at the Software-as-a-Service layer on Force.com Cloud platform is adopted to validate the new method. The results indicate that our method found four additional security scenarios beyond the plain ATAM, resulting in four new risks and two new tradeoff points.
Keywords :
cloud computing; program testing; quality of service; security of data; software architecture; software reliability; Force.com cloud platform; architectural tradeoff analysis method; architecture dependability; implied scenario technique; quality of service; scenario elicitation process; security testing; software-as-a-service layer; Cloud computing; Computer architecture; Encryption; Sensitivity; Testing; ATAM; Cloud Architectures; Dynamic Architectures; Implied Scenario; Security;
Conference_Titel :
Software Architecture (WICSA), 2011 9th Working IEEE/IFIP Conference on
Conference_Location :
Boulder, CO
Print_ISBN :
978-1-61284-399-5
Electronic_ISBN :
978-0-7695-4351-2
DOI :
10.1109/WICSA.2011.25
