{"title":"在云应用开发周期中集成安全","authors":"Marwa A. Elsayed, Mohammad Zulkernine","doi":"10.1109/ICSSA45270.2018.00013","DOIUrl":null,"url":null,"abstract":"Nowadays, more and more business and individuals tune to Software-as-a-Service (SaaS) applications to rapidly access various software capabilities through the Internet. The more SaaS adoption evolves, the more software service providers compete for fast development to cope with the market pace. This trend pushes security after functionality-needs in the priority list. This, in turn, results in delivering applications with potential security risk. The risk is further elevated due to the lack of visibility, control, and regulatory enforcements over consumers' data associated with such applications. Motivated by the raised necessity to consider security-needs at the same priority as functionality-needs, this paper proposes a comprehensive platform to interweave security activities and services from inception through deployment and beyond. Such activities and services are based on information flow control. The platform specifically envisions these activities to devote security into every phase of the development lifecycle of SaaS applications and offer different style of defenses as security services. It promotes for shared security responsibility to gain twofold benefits: a) it helps service providers to protect their SaaS applications from prevalent security threats; b) it enables SaaS consumers to choose a protected application to process their sensitive data with a trust in its security.","PeriodicalId":223442,"journal":{"name":"2018 International Conference on Software Security and Assurance (ICSSA)","volume":"78 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Integrating Security in Cloud Application Development Cycle\",\"authors\":\"Marwa A. Elsayed, Mohammad Zulkernine\",\"doi\":\"10.1109/ICSSA45270.2018.00013\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Nowadays, more and more business and individuals tune to Software-as-a-Service (SaaS) applications to rapidly access various software capabilities through the Internet. The more SaaS adoption evolves, the more software service providers compete for fast development to cope with the market pace. This trend pushes security after functionality-needs in the priority list. This, in turn, results in delivering applications with potential security risk. The risk is further elevated due to the lack of visibility, control, and regulatory enforcements over consumers' data associated with such applications. Motivated by the raised necessity to consider security-needs at the same priority as functionality-needs, this paper proposes a comprehensive platform to interweave security activities and services from inception through deployment and beyond. Such activities and services are based on information flow control. The platform specifically envisions these activities to devote security into every phase of the development lifecycle of SaaS applications and offer different style of defenses as security services. It promotes for shared security responsibility to gain twofold benefits: a) it helps service providers to protect their SaaS applications from prevalent security threats; b) it enables SaaS consumers to choose a protected application to process their sensitive data with a trust in its security.\",\"PeriodicalId\":223442,\"journal\":{\"name\":\"2018 International Conference on Software Security and Assurance (ICSSA)\",\"volume\":\"78 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 International Conference on Software Security and Assurance (ICSSA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSSA45270.2018.00013\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference on Software Security and Assurance (ICSSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSSA45270.2018.00013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Integrating Security in Cloud Application Development Cycle
Nowadays, more and more business and individuals tune to Software-as-a-Service (SaaS) applications to rapidly access various software capabilities through the Internet. The more SaaS adoption evolves, the more software service providers compete for fast development to cope with the market pace. This trend pushes security after functionality-needs in the priority list. This, in turn, results in delivering applications with potential security risk. The risk is further elevated due to the lack of visibility, control, and regulatory enforcements over consumers' data associated with such applications. Motivated by the raised necessity to consider security-needs at the same priority as functionality-needs, this paper proposes a comprehensive platform to interweave security activities and services from inception through deployment and beyond. Such activities and services are based on information flow control. The platform specifically envisions these activities to devote security into every phase of the development lifecycle of SaaS applications and offer different style of defenses as security services. It promotes for shared security responsibility to gain twofold benefits: a) it helps service providers to protect their SaaS applications from prevalent security threats; b) it enables SaaS consumers to choose a protected application to process their sensitive data with a trust in its security.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
