Aus Aifbportal
Wechseln zu:Navigation, Suche

Security-by-Design in der Cloud-Anwendungsentwicklung

Security-by-Design in der Cloud-Anwendungsentwicklung

Veröffentlicht: 2016 Oktober
Erscheinungsort: Wiesbaden
Journal: HMD Praxis der Wirtschaftsinformatik
Nummer: 5
Seiten: 688-697
Verlag: Springer Vieweg
Volume: 53

Referierte Veröffentlichung


Companies increasingly recognize the economical and operational advantages of Cloud Computing, which enables them to realize significant cost savings and to speed up the setup of software applications. Yet, the usage of Cloud Computing requires the consideration of new challenges regarding data security, which pose a serious threat to the adoption of Cloud Computing. This article presents results from the EU-funded PaaSword project, which aims at increasing the trust in Cloud Computing. A holistic data security framework will be developed during the project, whereby the focus is on software developers, who shall be supported during the development of secure cloud applications and services. Therefore, firstly, the underlying architecture concept for secure storage of data is introduced. The context-based access control component is described in further details afterwards. The central aspect of this access control component is a context-based access control model, which can be used by developers to annotate data access objects. The access control model itself builds upon an attribute-based access control model. Thereby, access rights are granted through the evaluation of access rules, which take context attributes into account. Such attributes might, e. g., be the role of a user within an organization, the IP address or type of the requesting device. The PaaSword access control model conceptualizes aspects which shall be considered during the selection of data access rules and with which the context-based access control model determines under which circumstances an access request on which data is allowed. The formulation of such rules is based on the XACML standard, which allows combining single rules with context conditions to more complex policies.

ISSN: 1436-3011
Weitere Informationen unter: Link
DOI Link: 10.1365/s40702-016-0258-1




Betriebliche Informationssysteme