No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
A practical approach for detecting multi-tenancy data interference
Abstract
This paper presents a practical solution for identifying tenant data interference defects
when migrating single-tenant legacy code to multi-tenant components or multitenant
microservices.
The paper explains the concepts of multi-tenant components and microservices,
elaborates a formal definition of the multi-tenancy data interference problem based on
information flow control theory, and presents a practical method to identify potential
defects by analysing the code statically. The method has been implemented as a prototype
developer support tool for PHP code.
The implemented support tool prototype demonstrates the method’s effectiveness
for supporting the transformation of single-tenant legacy source code into multi-tenant
components or microservices. It could also be used to confirm that multi-tenant components
or microservices are free of data interference defects. The prototype implementation
has been validated in a case study with code from the open-source enterprise
application SugarCRM. Results indicate that the developed approach significantly increases
the efficiency of multi-tenancy transformation in larger code bases by pointing
out potential defects.
... The authors used the SarF clustering method [66] to eliminate specialists' manual effort in analyzing different architectural views. Furda et al. [18] used static analysis to identify possible data leaks among microservices while migrating from monolithic applications. ...
... Jin et al. demonstrated a method of migration from monolith to microservices using the functionality of execution trace [33], whereas Kamimura et al. [17] proposed this migra-tion using source code analysis. Furda et al. [18] described an approach to identify data interference defects while migrating from monolithic to microservices. They explain the data interference problem based on information flow control theory that can cause data leaks among the microservice components. ...
... Saidani [16] Kamimura et al. [17] Furda et al. [18] De Alwis et al. [19] De Alwis et al. [20] Matias et al. [21] Soldani et al. [22] Eski et al. [23] Ren et al. [24] Ma et al. [25] Walker et al. [26] Walker et al. [27] Walker et al. [28] Pigazzini et al. [29] Marquez et al. [30] Tighilt et al. [31] Kecskemeti et al. [32] Jin et al. [33] Kleehaus et al. [34] Jiang et al. [35] Somashekar et al. [36] Brondolin et al. [12] Ravichandiran et al. [37] Chen et al. [38] Bogner et al. [39] Samardzic et al. [40] Du et al. [41] Meng et al. [42] Jin et al. [43] Zuo et al. [44] Zhou et al. [45] Guo et al. [46] Brandon et al. [47] Christoforou et al. [48] Nunes et al. [49] Li et al. [50] Stojanovic et al. [51] Guan et al. [52] Liu et al. [53] Meng et al. [54] Wu et al. [55] Ma et al. [2] Sun et al. [56] Rademacher [57] Khazaei et al. [58] Chondamrongkul et al. [59] Klinaku et al. [60] Mendonca et al. [61] Mczara et al. [62] Toledo et al. [63] Cerny et al. [1] Auer et al. [64] Bogner et al. [65] Institutional Review Board Statement: Not applicable. ...
Microservice architecture has become the leading design for cloud-native systems. The highly decentralized approach to software development consists of relatively independent services, which provides benefits such as faster deployment cycles, better scalability, and good separation of concerns among services. With this new architecture, one can naturally expect a broad range of advancements and simplifications over legacy systems. However, microservice system design remains challenging, as it is still difficult for engineers to understand the system module boundaries. Thus, understanding and explaining the microservice systems might not be as easy as initially thought. This study aims to classify recently published approaches and techniques to analyze microservice systems. It also looks at the evolutionary perspective of such systems and their analysis. Furthermore, the identified approaches target various challenges and goals, which this study analyzed. Thus, it provides the reader with a roadmap to the discipline, tools, techniques, and open challenges for future work. It provides a guide towards choices when aiming for analyzing cloud-native systems. The results indicate five analytical approaches commonly used in the literature, possibly in combination, towards problems classified into seven categories.
... Gigabit Capable Passive Optical Network (GPON) is an access node technology needed to provide multimedia services (Voice, data, video and other content) for residential and business customers [5]. Analysis of interference data is a way to process data into information so that the characteristics of the data can be understood and useful for problem solving [6]. In this study the problem of interference with telecommunication network equipment with code 1035 is Internet interference consisting of Not Found, Voice Not Found and IPTV Not Found, while interference with code 1054 is interference with communication networks consisting of GPON00, GPON01, GPON02, GPON03, GPON04, and GPON05. ...
XYZ company is a telecommunications company that offers a variety of services to Indonesians, including high-speed internet connection via fiber optic lines. The customer data for 1.000 subscribers will be utilized to conduct an analysis of the disruption generated by the communication network or the main device and other supporting devices connected to the internet network in this study. The classification of data in certain classes will be known using the Naive Bayes Classifier Algorithm, and the results of the classification will be used as a solution to calculate the interference that frequently occurs, namely code 1035 interference caused by customer data not having internet service, voice service, or IPTV service. The code 1054 interference was caused by a mismatch of the customer’s active device in the system during the transition or migration from Copper Cable to Fiber Optic (GPON00-GPON05). The probability of interference code 1035 is TP Rate = 0.988, FP Rate = 0.033, Precision Recall = 0.988, F-Measure = 0.988, MCC = 0.971, ROC Area = 1.000 and PRC Area = 1.000. And accuracy by class code 1054 is TP Rate = 0.984, FP Rate = 0.007, Precision Recall = 0.985, F-Measure = 0.982, MCC = 0.979, ROC Area = 1.000 and PRC Area = 1.000.
This comprehensive article explores the evolution and implementation of multi-tenant architectures in modern cloud computing environments, focusing on their role in Software-as-a-Service solutions. The article examines how these architectures enable efficient resource sharing while maintaining strict data isolation among tenants. This article demonstrates how integrating AI-driven observability frameworks and advanced security mechanisms, such as IAM and KMS, can improve scalability by 70% and reduce operational costs by 60%, offering practical solutions to modern multi-tenant architecture challenges. The article delves into core technical components, including data layer implementation and compute layer architecture, while analyzing advanced security measures and AI-driven observability frameworks. Through extensive case studies and research analysis, the article demonstrates how multi-tenant Publication Issue 308 architectures have revolutionized cloud service delivery by optimizing resource utilization, enhancing operational efficiency, and ensuring robust security measures across various industry sectors.
Purpose: The aim of the chapter is to present the key assumptions for identifying emerging modern trends and technologies which increase rail transport safety. Design/Methodology/Approach: The methodology for this chapter is a critical literature review with theoretical and practical reflections which aim to identify trends in the development of the digitalization of rail transport that have the greatest impact on railway safety. Findings: This chapter identifies key technical solutions that significantly change the approach to understanding digital safety in rail transport. Research limitations/implications: The limitations of the analytical and evaluation study result from the difficulty in identifying those issues that are of the utmost importance to fully explaining the directions for the development of digital economy solutions that improve rail transport safety. Practical implications: The practical nature of the content described has been focused on critical analysis and examples and the identification of the most important solutions currently used in rail transport for safety management focused on the use of technological solutions supporting the achievement of a high level of safety. Originality/Value: The originality lies in the broad perspective of these rail transport digitalization technologies in the context of safety. The multitude of solutions proves the phenomenon of rapid technological progress in this area. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
Microservice migration is a promising technique to incrementally modernise monolithic legacy enterprise applications and enable them to exploit the benefits of Cloud computing environments. In this article we elaborate on three challenges of microservice migration: multi-tenancy, statefulness and data consistency. We show how to identify each of these challenges in legacy code and explain refactoring and architectural pattern-based migration techniques relevant to microser- vice architectures. We explain how multi-tenancy enables microservices to be utilised by different organisations with distinctive requirements, why statefulness affects both availability and reliability of a microservice system and why data consistency challenges are encountered when migrating legacy code that operates on a centralised data repository to microservices operating on decentralised data repositories. We also explain the interdependencies between multi-tenancy, statefulness and data consistency.
Enterprise applications are data-centric information systems that are being increasingly deployed as Software-as-a-Service (SaaS) Cloud offerings. Such service-oriented enterprise applications allow multiple tenants (i.e., groups of service consumers) to share the computational and storage capabilities of a single Cloud application instance. Compared to a more traditional single-tenant application deployment model, a multi-tenant SaaS architecture promises to lower both deployment and maintenance costs. Such cost reductions motivate architects to re-engineer existing enterprise applications to support multi-tenancy at the application level. However, in order to preserve data integrity and data confidentiality, the re-engineering process must guarantee that different tenants allocated to the same application instance cannot access one another’s data, including both persistent values stored in databases and transient values created during calculations.
This chapter presents a method and a set of architectural patterns for systema- tically re-engineering data-sensitive enterprise applications into secure multi- tenant software services that can be deployed to public and private Cloud offerings seamlessly. Architectural refactoring is introduced as a novel re- engineering practice and the necessary steps in multi-tenant refactoring are described from planning to execution to validation (including testing and code reviews). The method and patterns are validated in a fictitious, but realistic and representative case study that was distilled from real-world requirements and application architectures.
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within `Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]
The advent of Cloud computing led to new ways for developing, engineering, providing and consuming services. As a paradigm building on a set of combined technologies, clouds enable on-demand service provisioning with guaranteed levels of quality on virtualized resources across disparate administrative domains. The latter has been one of the main factors for the wide adoption of clouds. Nevertheless, one class of applications has not yet taken advantage of the added-value of clouds: legacy applications. In this paper we highlight the challenges that arise when porting legacy applications on cloud environments and propose enabling technologies for overcoming these challenges and the corresponding limitations. We emphasize on application analysis and aspects oriented to quality of service, multi-tenancy contexts that affect the application behaviour at runtime, as well as characterization of providers in order to support decision making regarding the optimum ones to host the aforementioned legacy applications following their analysis.
Software as a service is frequently offered in a multi-tenant style, where customers of the application and their end-users share resources such as software and hardware among all users, without necessarily sharing data. It is surprising that, with such a popular paradigm, little agreement exists with regard to the definition, domain, and challenges of multi-tenancy. This absence is detrimental to the research community and the industry, as it hampers progress in the domain of multi-tenancy and enables organizations and academics to wield their own definitions to further their commercial or research agendas.
Software vendors increasingly aim to apply the Software-as-a-Service (SaaS) delivery model instead of the traditional on-premise model. Platforms-as-a-Service (PaaS), such as Google App Engine and Windows Azure, deliver a computing platform and solution stack as a service, but they also aim to facilitate the development of cloud applications (SaaS). Such PaaS offerings should enable third parties to build and deliver multi-tenant SaaS applications while shielding the complexity of the underpinning middleware and infrastructure. This paper compares, on the basis of a practical case study, three different and representative PaaS platforms with respect to their support for SaaS application development. We have reengineered an on-premise enterprise application into a SaaS application and we have subsequently deployed it in three PaaS-based cloud environments. We have investigated the following qualities of the PaaS platforms from the perspective of SaaS development: portability of the application code base, available support for creating and managing multi-tenant-aware applications, and quality of the tool support.
Modern static bug checking tools promise to uncover im-plementation defects in software earlier, more reliably, and at lower cost, than conventional testing techniques. Despite their promise, comparatively few software development or-ganizations make use of these tools. In this talk we summarize common attributes of bug checking tools, explain the main barriers to entry for soft-ware development organizations, provide our own experi-ence in building a bug checking tool and finding bugs in commercially deployed software, and discuss ways in which these tools can be deployed in a software organization.
Multi-tenancy is a relatively new software architecture principle in the realm of the Software as a Service (SaaS) business model. It allows to make full use of the economy of scale, as multiple customers - “tenants” - share the same application and database instance. All the while, the tenants enjoy a highly configurable application, making it appear that the application is deployed on a dedicated server. The major benefits of multi-tenancy are increased utilization of hardware resources and improved ease of maintenance, resulting in lower overall application costs, making the technology attractive for service providers targeting small and medium enterprises (SME). Therefore, migrating existing single-tenant to multi-tenant applications can be interesting for SaaS software companies. In this paper we report on our experiences with reengineering an existing industrial, single-tenant software system into a multi-tenant one using a lightweight reengineering approach.
In this paper we survey static analysis methods for identifying security vulnerabilities in software systems. We cover three areas that have been associated with sources of security vulnerabilities: access-control, information-flow, and application-programming-interface conformance. Because access control mechanisms fall into two major categories, stack-based access control and role-based access control, we discuss static analysis techniques for these two areas of access control separately. Similarly, security violations pertaining to information flow consist of integrity violations and confidentiality violations, and consequently, our discussion of static analysis techniques for information-flow vulnerabilities includes these two topics. For each type of security vulnerability we present our findings in two parts: in the first part we describe recent research results, and in the second part we illustrate implementation techniques by describing selected static analysis algorithms.
Application-level multi-tenancy is an architectural design principle for Software-as-a-Service applications to enable the hosting of multiple customers (or tenants) by a single application instance. Despite the operational cost and maintenance benefits of application-level multi-tenancy, the current middleware component models for multi-tenant application design are inflexible with respect to providing different software variations to different customers.
In this paper we show that this limitation can be solved by a multi-tenancy support layer that combines dependency injection with middleware support for tenant data isolation. Dependency injection enables injecting different software variations on a per tenant basis, while dedicated middleware support facilitates the separation of data and configuration metadata between tenants. We implemented a prototype on top of Google App Engine and we evaluated by means of a case study that the improved flexibility of our approach has little impact on operational costs and upfront application engineering costs.
Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker's observations of system output; this policy regulates information flow. Conventional security mechanisms such as access control and encryption do not directly address the enforcement of information-flow policies. Recently, a promising new approach has been developed: the use of programming-language techniques for specifying and enforcing information-flow policies. In this paper, we survey the past three decades of research on information-flow security, particularly focusing on work that uses static program analysis to enforce information-flow policies. We give a structured view of recent work in the area and identify some important open challenges.
Today, PHP is one of the most popular programming languages, and is commonly used in the open source community and in industry to build large application frameworks and web applications. In this paper, we discuss our ongoing work on PHP AiR, a framework for PHP Analysis in Rascal. PHP AiR is focused especially on program analysis and empirical software engineering, and is being used actively and effectively in work on evaluating PHP feature usage and system evolution, on program analysis for refactoring and security validation, and on source code metrics. We describe the requirements and design decisions for PHP AiR, summarize current research using PHP AiR, discuss lessons learned, and briefly sketch future work.
A computer implemented method for locating isolation points in an application under multi-tenant environment includes scanning, using a computer device an application by using scanning rules, to obtain potential isolation points and relationships between the potential isolation points; specifying at least one isolation point among the potential isolation points; and screening an isolation point from the potential isolation points by using relationships between the specified at least one isolation point and the remaining potential isolation points.
A dataflow analysis computes an approximation of the values computed at various points in a program by considering how the execution of statements transforms the program's state. Dataflow analyses are often expressed as a reachability problem in a control flow graph. In the presence of procedures, care must be taken to avoid traversing infeasible paths in such graphs, in order to avoid a loss of precision. Efficient algorithms such as IFDS [1] have been devised that only consider interprocedurally feasible paths that contain properly matched call and return statements. In this paper, we observe that another form of infeasible path may arise in the context of object-oriented programs that contain correlated method calls. We present some examples to illustrate this phenomenon, and discuss how a dataflow analysis could be devised that avoids traversing infeasible paths.
Probabilistic security leaks in multi-threaded programs exploit nondeterminism and interleaving. Probabilistic leaks does not leak secret values directly, but secret values influence the probability of public events. The article explains probabilistic leaks, and discusses various methods for checking probabilistic noninterference.
From the Book:In the spring of 1999 I flew to Chicago to consult on a project being done by ThoughtWorks, a small but rapidly growing application development company. The project was one of those ambitious enterprise application projects: a back-end leasing system. Essentially what this system does is to deal with everything that happens to a lease after you've signed on the dotted line. It has to deal with sending out bills, handling someone upgrading one of the assets on the lease, chasing people who don't pay their bills on time, and figuring out what happens when someone returns the assets early. That doesn't sound too bad until you realize that leasing agreements are infinitely varied and horrendously complicated. The business "logic" rarely fits any logical pattern, because after all its written by business people to capture business, where odd small variations can make all the difference in winning a deal. Each of those little victories is yet more complexity to the system. That's the kind of thing that gets me excited: how to take all that complexity and come up with system of objects that can make more tractable. Indeed I belive that the primary benefit of objects is in making complex logic tractable. Developing a good Domain Model (133) for a complex business problem is difficult, but wonderfully satisfying. Yet that's not the end of the problem. Such a domain model has to persisted to a database, and like many projects we were using a relational database. We also had to connect this model to a user interface, provide support to allow remote applications to use our software, and integrate our software with third party packages. All of this on a newtechnology called J2EE which nobody in the world had any real experience in using. Even though this technology was new, we did have the benefit of experience. I'd been doing this kind of thing for ages now with C++, Smalltalk, and CORBA. Many of the ThoughtWorkers had a lot of experience with Forte. We already had the key architectural ideas in our heads, we just had to figure out how to apply them to J2EE. Looking back on it three years later the design is not perfect, but it's stood the test of time pretty damn well. That's the kind of situation that is where this book comes in. Over the years I've seen many enterprise application projects. These projects often contain similar design ideas which have proven to be effective ways to deal with the inevitable complexity that enterprise applications possess. This book is a starting point to capture these design ideas as patterns. The book is organized in two parts. The first part is a set of narrative chapters on a number of important topics in the design of enterprise applications. They introduce various problems in the architecture of enterprise applications and their solutions. However the narrative chapters don't go into much detail on these solutions. The details of the solutions are in the second part, organized as patterns. These patterns are a reference and I don't expect you to read them cover to cover. My intention is that you can read the narrative chapters in part one from start to finish to get a broad picture of what the book covers, then you can dip into the patterns chapters of part two as your interest and needs drive you. So this book is a short narrative book and a longer reference book combined into one. This is a book on enterprise application design. Enterprise applications are about the display, manipulation and storage of large amounts of often complex data and the support or automation of business processes with that data. Examples include reservation systems, financial systems, supply chain systems, and many of the systems that run modern business. Enterprise applications have their own particular challenges and solutions. They are a different animal to embedded systems, control systems, telecoms, or desktop productivity software. So if you work in of these other fields, there's nothing really in this book for you (unless you want to get a feel for what enterprise applications are like.) For a general book on software architecture I'd recommend POSA. There are many architectural issues in building enterprise applications. I'm afraid this book can't be a comprehensive guide to them. In building software I'm a great believer in iterative development. At the heart of iterative development is the notion that you should deliver software as soon as you have something useful to the user, even if it's not complete. Although there are many differences between writing a book and writing software, this notion is one that I think the two share. So this book is an incomplete but (I trust) useful compendium of advice on enterprise application architecture. The primary topics I talk about are: layering of enterprise applications how to structure domain (business) logic the structure of a web user interface how to link in-memory modules (particularly objects) to a relational database how to handle session state in stateless environments some principles of distributionThe list of things I don't talk about is rather longer. I really fancied writing about organizing validation, incorporating messaging and asynchronous communication, security, error handling, clustering, application integration, architectural refactoring, structuring rich-client user interfaces, amongst others. I can only hope to see some patterns appear for this work in the near future. However due to space, time, and lack of cogitation you won't find them in this book. Perhaps I'll do a second volume someday and get into these topics, or maybe someone else will fill these, and other, gaps. Of these, dealing with message based communication is a particularly big issue. Increasingly people who are integrating multiple applications are making use of asynchronous message based communication approaches. There's much to said for using them within an application as well. This book is not intended to be specific for any particular software platform. I first came across these patterns while working with Smalltalk, C++, and CORBA in the late 80's and early 90's. In the late 90's I started to do extensive work in Java and found these patterns applied well both to early Java/CORBA systems and later J2EE based work. More recently I've been doing some initial work with Microsoft's .NET platform and find the patterns apply again. My ThoughtWorks colleagues have also introduced their experiences, particularly with Forte. I can't claim generality across all platforms that ever have been or will be used for enterprise applications, but so far these patterns have shown enough recurrence to be useful. I have provided code exampl for most of these patterns. My choice of language for the code examples is based on what I think most readers are likely to be able to read and understand. Java's a good choice here. Anyone who can read C or C++ can read Java, yet Java is much less complex than C++. Essentially most C++ programmers can read Java but not vice versa. I'm an object bigot, so inevitably lean to an OO language. As a result most of the code examples are in Java. As I was working on the book Microsoft started stabilizing their .NET environment, and their C# language has most of the same properties as Java for an author. So I did some of the code examples in C# as well, although that does introduce some risk since developers don't have much experience with .NET yet and so the idioms for using it well are less mature. Both are C-based languages so if you can read one you should be able to read both, even if you aren't deeply into that language or platform. My aim was to use a language that the largest amount of software developers can read, even if it's not their primary or preferred language. (My apologies to those who like Smalltalk, Delphi, Visual Basic, Perl, Python, Ruby, COBOL or any other language. I know you think you know a better language than Java or C#, all I can say is I do too!) The examples are there for inspiration and explanation of the ideas in the patterns. They are not canned solutions, in all cases you'll need to do a fair bit of work to fit them into your application. Patterns are useful starting points, but they are not destinations. Who This book Is ForI've written this book for programmers, designers, and architects who are building enterprise applications and who want to either improve their understanding of these architectural issues or improve their communication about them. I'm assuming that most of my readers will fall into two groups: either those with modest needs who are looking to build their own software to handle these issues, or readers with more demanding needs who will be using a tool. For those of modest needs, my intention is that these patters should get you started. In many areas you'll need more than the patterns will give you, but my intention is to provide more of a head start in this field than I got. For tool users I hope this book will be useful to give you some idea of what's happening under the hood, but also help you in making choices between which of the tool supported patterns to use. Using, say, an object-relational mapping tool still means you have to make decisions about how to map certain situations. Reading the patterns should give you some guidance in making the choices. There is a third category, those with demanding needs who want to build their own software for these problems. The first thing I'd say here is look carefully at using tools. I've seen more than one project get sucked into a long exercise at building frameworks which weren't what project was really about. If you're still convinced, go ahead. Remember in this case that many of the code examples in this book are deliberately simplified to help understanding, and you'll find you'll need to do a lot tweaking to handle the greater demands that you'll face. Since patterns are common solutions to recurring problems, there's a good chance that you'll have already come across some of them. If you've been working in enterprise applicat while, you may well know most of them. I'm not claiming to have anything new in this book. Indeed I claim the oppositethis is a book of (for our industry) old ideas. If you're new to this field I hope you'll like this book to help you learn about these techniques. If you're more familiar with the techniques I hope you'll like this book because it helps you communicate and teach these ideas to others. An important part of patterns is trying to build a common vocabulary, so you can say that this class is a Remote Facade (413) and other designers know what you mean. Martin Fowler, Melrose MA, May 2002 http://martinfowler.com
It has become more and more obvious that in Cloud Computing, applications are key drivers to make Cloud business a success. Multi-tenancy is a critical technology to allow one instance of application serving multiple customers at the same time to share Cloud resources and achieve high operational efficiency. There are different options of realizing multi-tenancy, in this paper we describe a transparent approach of making existing Web applications to support multi-tenancy and run in the public Cloud. Our approach includes intercepting the Web requests and deriving the tenant context, carrying the tenant context with a thread in the Web container, manipulating the isolation points (application artifacts that need to be isolated) in a Web application, and propagating tenant context to remote Cloud resources (such as database server, and message queue server) when necessary. With this approach, volumes of existing Web applications could quickly be provisioned through a public Cloud platform without rewriting the original source code. We have also implement a real system based on the common multi-tenancy model that separate the concerns of application developer, SaaS operator, tenant administrator, and tenant user. We finally integrate the SaaS multi-tenancy technique with Cloud platform services.
Advanced static-analysis tools have been found to be effective at finding defects that jeopardize system safety and security. This article describes how these work and outlines their limitations. They are best used in combination with traditional dynamic testing techniques, and can even reduce the cost to create and manage test cases for stringent run-time coverage.
ertification mechanism for verifying the secure flow of information through a program. Because it exploits the properties of a lattice structure among security classes, the procedure is sufficiently simple that it can easily be included in the analysis phase of most existing compilers. Appropriate semantics are presented and proved correct. An important application is the confinement problem: The mechanism can prove that a program cannot cause supposedly nonconfidential results to depend on confidential input data.
This paper investigates mechanisms that guarantee secure information flow in a computer system. These mechanisms are examined within a mathematical framework suitable for formulating the requirements of secure information flow among security classes. The central component of the model is a lattice structure derived from the security classes and justified by the semantics of information flow. The lattice properties permit concise formulations of the security requirements of different existing systems and facilitate the construction of mechanisms that enforce security. The model provides a unifying view of all systems that restrict information flow, enables a classification of them according to security objectives, and suggests some new approaches. It also leads to the construction of automatic program certification mechanisms for verifying the secure flow of information through a program.
Multi-tenancy technology is one of key competencies for network delivery services to achieve higher profit margin by leveraging the economic of scale. This paper explores the requirements and challenges of the native multi-tenancy pattern which have the potential of serving a large volume of clients simultaneously. We provide a framework with a set of multi-tenancy common services to help people design and implement a high quality native multi-tenant application more efficiently. Due to the essential requirement to guarantee service quality with high share efficiency, we present approaches and principles to support better isolations among tenants in many aspects such as security, performance, availability, administration etc. We have already achieved many hand on experiences by applying parts of the design and principles into a real multi-tenant application, and identified some future research points to better safeguard the quality of service for each tenant.
CORE ...........................................................................................................................204 Deep Models .......................................................................................................................................205 Refactoring and Distillation ................................................................................................................205 17. Large-Scale Structure.................................................................................................................206 EVOLVING ORDER .........................................................................................................................208 SYSTEM METAPHOR [BECK 2000] .................................................................................................209 PLUGGABLE COMPONENTS.............................................................................................................210 ABSTRACT DOMAIN FRAMEWORK .................................................................................................212 RESPONSIBILITY LAYERS...............................................................................................................212 Large-Scale Structure, Unification Contexts, and Distillation ............................................................223 Refactoring Toward a Fitting Structure...............................................................................................225 Architecture, Architecture Teams, and Large-Scale Structure ............................................................227 18. Game Plans ..................................................................................................................................230 Looking Forward.....
Multi-tenant data architecture
- F Chong
- G Carraro
- R Wolter
Chong, F., Carraro, G., Wolter, R., 2006. Multi-tenant data architecture.
http://ramblingsofraju.com/wp-content/uploads/2016/08/
Multi-Tenant-Data-Architecture.pdf, last accessed April 2018.
Checking applications using security APIs with JOANA
- J Graf
- M Hecker
- M Mohr
- G Snelting
Graf, J., Hecker, M., Mohr, M., Snelting, G., 2015. Checking applications using security APIs with JOANA. In: 8th International Workshop on Analysis of
Security APIs.
Multi-tenant architecture comparison
- J Kabbedijk
- M Pors
- S Jansen
- S Brinkkemper
Kabbedijk, J., Pors, M., Jansen, S., Brinkkemper, S., 2014. Multi-tenant architecture comparison. In: European Conference on Software Architecture. Springer
International Publishing, pp. 202-209.
Symbolic String Verification: An Automata-Based Approach
- F Yu
- T Bultan
- M Cova
- O Ibarra
Yu, F., Bultan, T., Cova, M., Ibarra, O., 2008. Model Checking Software. Vol.
5156 of Lecture Notes in Computer Science. Springer Berlin Heidelberg, Ch.
Symbolic String Verification: An Automata-Based Approach, pp. 306-324.
Programmer's reference guide of zend frame
- Ltd Zend Technologies
Zend Technologies Ltd., 2014. Programmer's reference guide of zend framework 2. http://framework.zend.com/manual/2.3/en/index.html, last
accessed April 2018.
Multi-tenant architecture comparison
- Kabbedijk
Checking applications using security APIs with JOANA
- Graf
Model checking software
- Yu