Protecting software as a service in the clouds by validation

Abstract

The cloud computing has provided customers with various services at its SaaS layer though, few work has been done on the security checking of messages exchanged between a customer and a service provider at SaaS so as to protect SaaS. In this paper we propose a validation model to investigate the SaaS security issue. Rather than installing a set of probes as we have done for the testing web services, in this model we introduce a validation service that plays the role of a firewall and protects our SaaS by verifying the correctness of messages with respect to a set of predefined security rules and forwarding them to their real destinations if they pass the verification or rejecting them otherwise. We develop a prototype model based on the tool known as RV4WS which was developed in our early study on web service runtime verification, as well as a checking engine RVEngine to verify our checking algorithm for the model. A survey on how to use this model for the services deployed on Google App Engine, Window Azure and Oracle Java Cloud Service is also presented. © Springer-Verlag 2013.