DOCSLIB.ORG

Adaptive, Model-Based Cloud Computing Security Management

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Adaptive, Model-Based Cloud Computing Security Management Adaptive, Model-based Cloud Computing Security Management By Mohamed Almorsy A thesis submitted in fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science 2014 Abstract The cloud computing model introduces a new paradigm shift in computing platforms with highly scalable, distributed, and shared computing resources. However, despite the potential cost savings and revenues reaped by adopting the cloud model, it still has a set of open issues that impacts its wide adoption. Security is at the top of these issues. In addition to the traditional technology-related problems, the cloud model introduces a set of new and critical security problems including loss-of-control, lack-of-trust, data isolation, and tenants’ security controls’ integration. These security problems are not mitigated yet by the existing cloud platforms. Cloud security solutions should take into consideration that it is hard to get cloud tenants and service providers to manually customize their shared cloud services’ security. Moreover, the set of a cloud service tenants usually emerges at real-time. Each service tenant usually has a set of security requirements which changes over time to reflect new risks and business objectives. In this research, we have successfully invented a new cloud computing security management platform addressing these security problems. The invented security platform depends on capturing cloud platform, services and security specification details using a set of novel system and security mega-models. Cloud stakeholders use these models to specify their assets-security requirements. Then, our platform automates the integration of these requirements within target services at runtime. Identifying security requirements that need to be satisfied requires deep experience with system and security to pinpoint possible threats, vulnerabilities, and attacks. This is even worse when adopting the cloud model where services are publicly accessible to malicious users who could exploit services’ vulnerabilities and flaws to breach tenants’ security. Our platform delivers a novel, extensible, and online signature-based security analysis service that automates services’ security analysis. The outcomes of the analysis service are feed into our security- patching component. Furthermore, given that tenants do not have direct control on their outsource shared cloud- services, our platform provides a new security monitoring service that automatically realizes tenants’ security metrics, used in assessing services’ security status, into security probes and automatically deploys, collects, and analyzes probes’ generated measurements. We evaluated each component of our platform using a set of benchmark applications. Then, we conducted three case studies using our platform in mitigating three key cloud security problems. The evaluation results are very supportive and demonstrate that our platform successfully automated the security management of the shared, multi-tenant cloud services. ii Acknowledgement I am deeply grateful to my lovely wife Amani Ibrahim, for her love, understanding, encouragement, sacrifice and help. I am also grateful for my parents for raising me up, teaching me to be a good person, and supporting me throughout my studies. I sincerely express my deepest gratitude to my coordinate supervisor, Professor John Grundy, for his supervision and continuous encouragement throughout my PhD study. Without his consistent support, I would not have been able to complete this research project. The first year was really tough and I got many rejections. He kept encouraging and supporting me until I succeed to come up with a good stuff that easily got accepted. He is indeed “a good mentor and a helpful friend”. I thank Prof. Jun Han for his sincere advices and feedback whenever I ask him for this. He is really a very helpful and supportive supervisor. Finally, I thank Swinburne University of Technology and the Faculty of Information and Communication Technologies for offering me a full research scholarship throughout my doctoral program. I also thank the Research Committee of the Faculty of Information and Communication Technologies for research publication funding support and for providing me with financial support to attend conferences. iii Declaration This thesis contains no material which has been accepted for the award of any other degree or diploma, except where due reference is made in the text of the thesis. To the best of my knowledge, this thesis contains no material previously published or written by another person except where due reference is made in the text of the thesis. Mohamed Almorsy iv List of Publications During my PhD project, I have managed to publish a bunch of peer-reviewed conference and journal papers as well as a book chapter that support our analysis, findings and contributions. [1] Mohamed Almorsy, John Grundy, and Amani Ibrahim, “Adaptable, model-driven security engineering for SaaS cloud-based applications”, International Journal of Automated Software Engineering, Volume 29, September 2013. [2] Mohamed Almorsy, John Grundy, and Amani Ibrahim, “Adaptive Security Management in SaaS Applications”, Security, Privacy and Trust in Cloud Systems, Springer. [3] Mohamed Almorsy, John Grundy, and Amani Ibrahim, “Automated Software Architecture Security Risk Analysis Using Formalized Signatures", 2013 IEEE/ACM International Conference on Software Engineering (ICSE 2013), San Franciso, May 2013, IEEE CS Press. [4] Mohamed Almorsy, John C. Grundy, Amani S. Ibrahim, “MDSE@R: Model-Driven Security Engineering at Runtime”, 4th International Symposium on Cyberspace Safety and Security (CSS 2012), Dec 12-13 2012, Melbourne, Australia. [5] Mohamed Almorsy, John C. Grundy, Amani S. Ibrahim, “VAM-aaS: Online Cloud Services Security Vulnerability Analysis and Mitigation-as-a-Service”, The 13th International Conference on Web Information System Engineering (WISE 2012), Nov 28-30 2012, Paphos, Cyprus, Springer. [6] Mohamed Almorsy, John C. Grundy, Amani S. Ibrahim, “Supporting Automated Vulnerability Analysis using Formalized Vulnerability Signatures", 27th IEEE/ACM International Conference on Automated Software Engineering (ASE 2012), Sept 3-7 2012, Essen, Germany, ACM Press. [7] Mohamed Almorsy, John C. Grundy, Amani S. Ibrahim, “Supporting Automated Software Re-Engineering Using "Re-Aspects”, 27th IEEE/ACM International Conference on Automated Software Engineering (ASE 2012), Sept 3-7 2012, Essen, Germany, ACM Press. [8] Mohamed Almorsy, John Grundy and Amani S. Ibrahim, “TOSSMA: A Tenant- Oriented SaaS Security Management Architecture", 5th IEEE Conference on Cloud Computing (CLOUD 2012), IEEE CS Press, Waikiki, Hawai, USA, June 24-29 2012. [9] Mohamed Almorsy, John Grundy and Amani S. Ibrahim, “SMURF: Supporting Multi-tenancy Using Re-Aspects Framework", 17th IEEE International Conference on v Engineering of Complex Computer Systems (ICECCS 2012), Paris, France, July 2012, IEEE CS Press. [10] Mohamed Almorsy, John Grundy and Amani S. Ibrahim, “Collaboration-Based Cloud Computing Security Management Framework", In Proceedings of 2011 IEEE International Conference on Cloud Computing (CLOUD 2011), Washington DC, USA on 4 – 9 July, 2011, IEEE. [11] Mohamed Almorsy, John Grundy Ingo and Mueller, “An analysis of the cloud computing security problem", In Proceedings of the 2010 Asia Pacific Cloud Workshop 2010 (co-located with APSEC2010), Sydney, Nov 30 2010. The following publications, which I am a co-author, have been published during my candidature as a part of my collaboration with colleagues in our research group. [1] Amani S. Ibrahim, John C. Grundy, James Hamlyn-Harris, Mohamed Almorsy, “DIGGER: Identifying Operating System Dynamic Kernel Objects for Run-time Security Analysis", International Journal on Internet and Distributed Computing Systems (IJIDCS). [2] Amani S. Ibrahim, John C. Grundy, James Hamlyn-Harris, Mohamed Almorsy, “Identifying OS Kernel Runtime Objects for Run-time Security Analysis", 6th International Conference on Network and System Security (NSS 2012), Nov 21-23 2012, Wu Yi Shan, Fujian, China, Springer. [3] Amani S. Ibrahim, John C. Grundy, James Hamlyn-Harris, Mohamed Almorsy, “Operating System Kernel Data Disambiguation to Support Security Analysis", 6th International Conference on Network and System Security (NSS 2012), Nov 21-23 2012, Wu Yi Shan, Fujian, China, Springer. [4] Amani S. Ibrahim, John C. Grundy, James Hamlyn-Harris, Mohamed Almorsy, “Supporting Operating System Kernel Data Disambiguation using Points-to Analysis", 27th IEEE/ACM International Conference on Automated Software Engineering (ASE 2012), Sept 3-7 2012, Essen, Germany, ACM Press. [5] Amani S. Ibrahim, James Hamlyn-Harris, John Grundy and Mohamed Almorsy, “Supporting Virtualizaion-Aware Security Solutions using a Systematic Approach to Overcome the Semantic Gap", 5th IEEE Conference on Cloud Computing (CLOUD 2012), IEEE CS Press, Waikiki, Hawai, USA, June 24-29 2012. [6] Amani S. Ibrahim, James Hamlyn-Harris, John Grundy and Mohamed Almorsy, “CloudSec: A Security Monitoring Appliance for Virtual Machines in the IaaS Cloud Model", 5th International Conference on Network and System Security (NSS 2011), Milan, Italy on 6 – 8 September, 2011. vi Table of Contents ABSTRACT ........................................................................................................................................ II ACKNOWLEDGEMENT ....................................................................................................................
Load more

Recommended publications
  • A Survey of Architectural Styles.V4
    Survey of Architectural Styles Alexander Bird, Bianca Esguerra, Jack Li Liu, Vergil Marana, Jack Kha Nguyen, Neil Oluwagbeminiyi Okikiolu, Navid Pourmantaz Department of Software Engineering University of Calgary Calgary, Canada Abstract— In software engineering, an architectural style is a and implementation; the capabilities and experience of highest-level description of an accepted solution to a common developers; and the infrastructure and organizational software problem. This paper describes and compares a selection constraints [30]. These styles are not presented as out-of-the- of nine accepted architectural styles selected by the authors and box solutions, but rather a framework within which a specific applicable in various domains. Each pattern is presented in a software design may be made. If one were to say “that cannot general sense and with a domain example, and then evaluated in be called a layered architecture because the such and such a terms of benefits and drawbacks. Then, the styles are compared layer must communicate with an object other than the layer in a condensed table of advantages and disadvantages which is above and below it” then one would have missed the point of useful both as a summary of the architectural styles as well as a architectural styles and design patterns. They are not intended tool for selecting a style to apply to a particular project. The to be definitive and final, but rather suggestive and a starting paper is written to accomplish the following purposes: (1) to give readers a general sense of several architectural styles and when point, not to be used as a rule book but rather a source of and when not to apply them, (2) to facilitate software system inspiration.
    [Show full text]
  • Diplomarbeit Im Fachbereich Elektrotechnik & Informatik an Der
    Bachelor Thesis Prannoy Mulmi Design and Implementation of an Archive Microservice solution for the Multi-Agent Research and Simulation Distributed System Fakultät Technik und Informatik Faculty of Engineering and Computer Science Department Informations- und Department of Information and Elektrotechnik Electrical Engineering Prannoy Mulmi Design and Implementation of an Archive Microservice solution for the Multi-Agent Research and Simulation Distributed System Bachelor Thesis based on the study regulations for the Bachelor of Engineering degree programme Information Engineering at the Department of Information and Electrical Engineering of the Faculty of Engineering and Computer Science of the Hamburg University of Applied Sciences Supervising examiner : Prof. Dr. rer. nat. Henning Dierks Second Examiner : Prof. Dr. rer. nat. Thomas Clemen Day of delivery 23. Juli 2018 Prannoy Mulmi Title of the Bachelor Thesis Design and Implementation of an Archive Microservice solution for the Multi-Agent Research and Simulation Distributed System Keywords Distributed System, Microservice, Two-Phase commit protocol, Archive, Decentrali- zed data, Multi-Agent Research and Simulation (MARS) Abstract This thesis introduces the design and implementation of an Archive Microservice in the Multi-Agent Research and Simulation (MARS) framework. Due to the distributed architecture of the system, the process of the archive and restore is complex to imple- ment and maintain as there multiple possibilities of failure. This thesis uses different strategies to
    [Show full text]
  • Methods & Tools
    METHODS & TOOLS Practical knowledge for the software developer, tester and project manager ISSN 1661-402X Spring 2011 (Volume 19 - number 1) www.methodsandtools.com The Salesmen/Developers Ratio at Software Vendors Many of us might think that software is a technological industry. Maybe. But maybe not. If you consider Oracle or Microsoft, I suppose that few of us would consider them as technology leaders, but we will all recognize their financial strength and marketing power. Long lasting organizations in the software industry might have more financial strength than technological capabilities. The recent conflict between Oracle and the creator of Hudson, an open source continuous integration server, is just another episode in the opposition between developers- and salesmen-driven software companies. On one side you have Oracle, for which Hudson is just small project inherited from the Sun buyout and that owns the "Hudson" brand. On the other side, you find Kohsuke Kawaguchi, who created Hudson and wants keep some control on its development. Hudson has been "forked", the open source code being used to start another project. You now have a Jenkins CI project that includes most of the active Hudson contributors and a Hudson CI project backed by Oracle and Sonatype, the commercial company behind the Maven project. Everything is however not black and white. Kohsuke Kawaguchi has joined Cloudbees, a company that has some management and financing coming from ex-JBoss managers, people that know how to make money with open source software. These people are not working hard for the only sake of technology evolution. You can judge the main orientation of a company looking at its salesmen/developers ratios.
    [Show full text]
  • Mutable Class Design Pattern Nikolay Malitsky Nova Southeastern University, [email protected]
    Nova Southeastern University NSUWorks CEC Theses and Dissertations College of Engineering and Computing 2016 Mutable Class Design Pattern Nikolay Malitsky Nova Southeastern University, [email protected] This document is a product of extensive research conducted at the Nova Southeastern University College of Engineering and Computing. For more information on research and degree programs at the NSU College of Engineering and Computing, please click here. Follow this and additional works at: https://nsuworks.nova.edu/gscis_etd Part of the Other Computer Sciences Commons, and the Theory and Algorithms Commons Share Feedback About This Item NSUWorks Citation Nikolay Malitsky. 2016. Mutable Class Design Pattern. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, College of Engineering and Computing. (956) https://nsuworks.nova.edu/gscis_etd/956. This Dissertation is brought to you by the College of Engineering and Computing at NSUWorks. It has been accepted for inclusion in CEC Theses and Dissertations by an authorized administrator of NSUWorks. For more information, please contact [email protected]. Mutable Class Design Pattern by Nikolay Malitsky A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Graduate School of Computer and Information Sciences Nova Southeastern University 2016 We hereby certify that this dissertation, submitted by Nikolay Malitsky, conforms to acceptable standards and is fully adequate in scope and quality to fulfill the dissertation requirements for the degree of Doctor of Philosophy. _____________________________________________ ________________ Michael J. Laszlo, Ph.D. Date Chairperson of Dissertation Committee _____________________________________________ ________________ Francisco J. Mitropoulos, Ph.D. Date Dissertation Committee Member _____________________________________________ ________________ Amon B.
    [Show full text]
  • Security Pattern Validation and Recognition
    Security-Pattern Recognition and Validation Dissertation Submitted by Michaela Bunke on 12th December 2018 to the Universit¨atBremen Faculty of Mathematics and Computer Science in partial fulfillment of the requirements for the degree of Doktor der Ingenieurwissenschaften { Dr.-Ing. { Reviewed by Prof. Dr. Hans-J¨orgKreowski Universit¨atBremen, Germany and Dr. Karsten Sohr Universit¨atBremen, Germany In Memorial of Ilse Schlamilch Karl Schlamilch Manfred Friedrichs 21 November 1924 03 March 1927 29 August 1935 09 June 2017 19 June 2018 3 July 2017 ABSTRACT The increasing and diverse number of technologies that are connected to the Internet, such as distributed enterprise systems or small electronic devices like smartphones, brings the topic IT security to the foreground. We interact daily with these technologies and spend much trust on a well-established software development process. However, security vulnerabilities appear in software on all kinds of PC(- like) platforms, and more and more vulnerabilities are published, which compromise systems and their users. Thus, software has also to be modified due to changing requirements, bugs, and security flaws and software engineers must more and more face security issues during the software design; especially maintenance programmers must deal with such use cases after a software has been released. In the domain of software development, design patterns have been proposed as the best-known solutions for recurring problems in software design. Analogously, security patterns are best practices aiming at ensuring security. This thesis develops a deeper understanding of the nature of security patterns. It focuses on their validation and detection regarding the support of reviews and maintenance activities.
    [Show full text]
  • A CASE STUDY by Siegfried Steiner ([email protected])
    BIG DATA PROCESSING THE LEAN WAY – A CASE STUDY by Siegfried Steiner ([email protected]) 19/08/14 – 17/01/21 2 Content 1.Preface.............................................................................................................3 2.Abstract...........................................................................................................3 3.The mission.....................................................................................................4 4.Terminology.....................................................................................................5 5.Constraints......................................................................................................6 6.Approach.........................................................................................................7 7.Technology stack.............................................................................................8 8.Development process....................................................................................10 Excursus: Scrum.....................................................................................10 Excursus: Test-driven development........................................................11 9.Into the cloud: Scalability..............................................................................12 Excursus: IPO Model...............................................................................13 1.Input - Receive requests (and process output)..........................................14 Excursus: Front
    [Show full text]
  • Architectural Styles and Patterns
    Architectural Styles and Patterns Wednesday 13 February 13 Architectural Patterns & Styles Consensus Controversy • Established • Philosophy (context- Solutions problem-solution vs components- Common • connections) vocabulary Granularity (vs Document • • Design patterns) Reason over quality • • Categorization Wednesday 13 February 13 Architectural Patterns (Wikipedia) • Presentation- abstraction- • Peer-to-peer control • Service-oriented • Three-tier architecture • Pipeline • Naked Objects Implicit Invocation • Model-View • Controller • Blackboard Wednesday 13 February 13 Architectural Patterns (Shaw & Garland) • Dataflow Systems -- Batch, Pipes and Filters • Call-and-return systems -- Main program and subroutines, OO systems, Hierarchical Layers • Independent components -- Communicating processes, Event systems • Virtual Machines -- Interpreters, Rule-based systems • Data-Centered Systems -- Databases, Hypertext systems Blackboards Wednesday 13 February 13 Elements of Architecture (Shaw & Garland) Components Connectors • Clients • Procedure calls • Servers • Events broadcast • Filters • Database protocols • Layers • Pipes • Databases - What are the structural patterns permitted? - What is the underlying computational model? - What are the invariants of the style? BUT ... - What are examples of its use? - What are the tradeoffs? - ... Wednesday 13 February 13 Architectural Patterns (Baas, Clements & Kazman) • Dataflow Systems -- Batch, Pipes and Filters • Data-Centered -- Repository, Blackboard • Virtual machine -- Interpreter, Rule-based
    [Show full text]
  • Microservices Antipatterns and Pitfalls
    Microservices AntiPatterns and Pitfalls Mark Richards Beijing Boston Farnham Sebastopol Tokyo Microservices Antipatterns and Pitfalls by Mark Richards Copyright © 2016 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://safaribooksonline.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or [email protected]. Editor: Brian Foster Interior Designer: David Futato Production Editor: Melanie Yarbrough Cover Designer: Karen Montgomery Copyeditor: Christina Edwards Illustrator: Rebecca Demarest Proofreader: Amanda Kersey July 2016: First Edition Revision History for the First Edition 2016-07-06: First Release The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Microservices AntiPatterns and Pitfalls, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc. While the publisher and the author have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the author disclaim all responsibility for errors or omissions, including without limi‐ tation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsi‐ bility to ensure that your use thereof complies with such licenses and/or rights.
    [Show full text]
  • Conceptual Architecture Patterns
    HASSO - PLATTNER - INSTITUT für Softwaresystemtechnik an der Universität Potsdam Conceptual Architecture Patterns Technische Berichte des Hasso-Plattner-Instituts für Softwaresystemtechnik an der Universität Potsdam Technische Berichte des Hasso-Plattner-Instituts für Softwaresystemtechnik an der Universität Potsdam 2 Conceptual Architecture Patterns: FMC-based Representations Bernhard Gröne and Frank Keller (eds.) April 2004 Bibliografische Information Der Deutschen Bibliothek Die Deutsche Bibliothek verzeichnet diese Publikation in der Deutschen Nationalbibliografie; detaillierte bibliografische Daten sind im Internet über http://dnb.ddb.de abrufbar. Die Reihe Technische Berichte des Hasso-Plattner-Instituts für Softwaresystemtechnik an der Universität Potsdam erscheint aperiodisch. Herausgeber: Professoren des Hasso-Plattner-Instituts für Softwaresystemtechnik an der Universität Potsdam Redaktion Bernhard Gröne und Frank Keller EMail {bernhard.groene, frank.keller}@hpi.uni-potsdam.de Vertrieb: Universitätsverlag Potsdam Postfach 60 15 53 14415 Potsdam Fon +49 (0) 331 977 4517 Fax +49 (0) 331 977 4625 e-mail: [email protected] http://info.ub.uni-potsdam.de/verlag.htm Druck allprintmedia gmbH Blomberger Weg 6a 13437 Berlin email: [email protected] © Hasso-Plattner-Institut für Softwaresystemtechnik an der Universität Potsdam, 2004 Dieses Manuskript ist urheberrechtlich geschützt. Es darf ohne vorherige Genehmigung der Herausgeber nicht vervielfältigt werden. Heft 2 (2004) ISBN 3-935024-98-3 ISSN 1613-5652 Conceptual Architecture Patterns: FMC–based Representations Bernhard Gröne and Frank Keller (editors) Research assistants of the chair “Modeling of Software–intensive Systems” Hasso–Plattner–Institute for Software Systems Engineering P.O. Box 900460, 14440 Potsdam, Germany E-mail: {bernhard.groene, frank.keller}@hpi.uni-potsdam.de Abstract This document presents the results of the seminar “Conceptual Architecture Patterns” of the winter term 2002 in the Hasso–Plattner–Institute.
    [Show full text]
  • Middleware Architecture with Patterns and Frameworks
    Middleware Architecture with Patterns and Frameworks Sacha Krakowiak Distributed under a Creative Commons license http://creativecommons.org/licenses/by-nc-nd/3.0/ February 27, 2009 Contents Preface ix References........................................ x 1 An Introduction to Middleware 1-1 1.1 Motivation for Middleware . 1-1 1.2 CategoriesofMiddleware . 1-6 1.3 A Simple Instance of Middleware: Remote Procedure Call . ......... 1-7 1.3.1 Motivations and Requirements . 1-8 1.3.2 Implementation Principles . 1-9 1.3.3 Developing Applications with RPC . 1-11 1.3.4 SummaryandConclusions. .1-13 1.4 Issues and Challenges in Middleware Design . 1-14 1.4.1 DesignIssues ...............................1-14 1.4.2 Architectural Guidelines . 1-15 1.4.3 Challenges ................................1-17 1.5 HistoricalNote .................................. 1-18 References........................................1-19 2 Middleware Principles and Basic Patterns 2-1 2.1 ServicesandInterfaces . 2-1 2.1.1 Basic Interaction Mechanisms . 2-2 2.1.2 Interfaces ................................. 2-3 2.1.3 Contracts and Interface Conformance . 2-5 2.2 ArchitecturalPatterns . 2-9 2.2.1 Multilevel Architectures . 2-9 2.2.2 DistributedObjects . .. .. .. .. .. .. .. .2-12 2.3 Patterns for Distributed Object Middleware . 2-15 2.3.1 Proxy ...................................2-15 2.3.2 Factory ..................................2-16 2.3.3 Adapter..................................2-18 2.3.4 Interceptor ................................2-19 2.3.5 Comparing and Combining Patterns . 2-20 2.4 Achieving Adaptability and Separation of Concerns . ..........2-21 2.4.1 Meta-ObjectProtocols. 2-21 2.4.2 Aspect-Oriented Programming . 2-23 ii CONTENTS 2.4.3 PragmaticApproaches. .2-25 2.4.4 ComparingApproaches .
    [Show full text]
  • Adaptivity of Business Process
    ICONS 2013 : The Eighth International Conference on Systems Adaptivity of Business Process Charif Mahmoudi Fabrice Mourlin Laboratory of Algorithms, Complexity and Logics, Laboratory of Algorithms, Complexity and Logics, Paris 12th University Paris 12th University Créteil, France Creteil, France [email protected] [email protected] Abstract— Enterprise service bus is a software architecture local services is less costly in a number of messages than a middleware used for implementing the interaction between business process using remote services. Blockings are also software applications in a Service Oriented Architecture. We less numerous, and, therefore, the execution of a business have developed a strategy to dynamically manage business process is more efficient. processes. Administrators of service bus need to reconfigure This remark highlights the dependencies between two sites where the business processes are placed. This evolution concepts, the location of business processes and its own has to be done during execution of service through the bus. We definition. The designer should not consider his work in the ensure the availability of process definition. Moreover, placement constraints. In addition, the administrator cannot business process can also be autonomous. This means a process take into account all the dependencies of a process definition which is able to move from one site to another one, where the to find a better placement. Also, our second point is: how business process engine is installed. This provides another approach to design business process. With our "mobile process separate the two. These conclusions led us to consider an migration" template, we separate two concerns, on one side initial configuration of business processes is not satisfactory.
    [Show full text]
  • 623 a Abfangen Temporärer Fehler, 479 Abgesicherter
    Index A allow_url_fopen, 510 allow_url_include, 510 Abfangen temporärer Fehler, 479 Amazon.com, 409 abgesicherter monolithischer Kernel, 135 Ambient Authority, 99, 107, 158, 416, 446 ablaufbasierte Kontrolle, 104 Ambige Interfaces, 476 Abschalten von Javascript, 503 Analysis/Paralysis Pattern, 553 Absichern von Application-Servern, 347 Anfangs- bzw. Endspanne, 571 Absicherung der Ressourcen, 350 Angriffe Absicherung der Verbindungen, 349 Klassifikation, 12 Absicherung von Servern, 169 Angriffsformen Abwehr auf der Netzwerkschicht, 39 lokale, 15 Access Control Context, 95, 203, 214 Anreicherung von Privilegien, 152 Access Control Lists, 108, 118 Antipattern, 99, 473 Access Control Markup Language, 197 API in Form paarweiser Methoden, 509 Access Control Matrix, 564 Append-Only-Recht, 152 Access Control Policies, 195 Application Integration in Acegi, 295 SSO-Infrastruktur, 285 ACL, 108, 118, 291 Application Level Security, 262 Beispiel, 119 Application Server Malware, 119 LTPA, 335 Solitaire, 119 Application Server Security, 313 Active Object, 470 Application Tower, 230 Add-Ons, 445 Application-Server, 330 Administration, 174 Architektur, 318 Administrationsfunktion, 288 Authorisierungscode in der „after the fact“-Sicherheitsmechanismen, Applikation, 329 417 Beispielarchitektur, 320 AJAX, 69 Classloader, 325 Java Script Object Notation, 75 Concurrency, 316 On-Demand JavaScript, 74 Credentials für den Zugriff auf Techniken, 72 Backends, 329 XMLHttpRequest, 72 CSIv2, 318 aktionsintegrierte Sicherheit, 554 Delegation mit Neuerzeugung Alias-Antipattern,
    [Show full text]