The cloud computing has provided customers with various services at its SaaS layer though, few work has been done on the security checking of messages exchanged between a customer and a service provider at SaaS so as to protect SaaS. In this paper we propose a validation model to investigate the SaaS security issue. Rather than installing a set of probes as we have done for the testing web services, in this model we introduce a validation service that plays the role of a firewall and protects our SaaS by verifying the correctness of messages with respect to a set of predefined security rules and forwarding them to their real destinations if they pass the verification or rejecting them otherwise. We develop a prototype model based on the tool known as RV4WS which was developed in our early study on web service runtime verification, as well as a checking engine RVEngine to verify our checking algorithm for the model. A survey on how to use this model for the services deployed on Google App Engine, Window Azure and Oracle Java Cloud Service is also presented. © Springer-Verlag 2013.
CITATION STYLE
Cao, T. D., & Chiew, K. (2013). Protecting software as a service in the clouds by validation. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7759 LNCS, pp. 35–46). https://doi.org/10.1007/978-3-642-37804-1_5
Mendeley helps you to discover research relevant for your work.