nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Towards PaaS Offering of BPMN 2.0 Engines: A Proposal for Service-Level Tenant Isolation

verfasst von : Majid Makki, Dimitri Van Landuyt, Wouter Joosen

Erschienen in: Advances in Service-Oriented and Cloud Computing

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Business processes modeling and management solutions provide powerful abstraction mechanisms for the control flow of complex, task-driven applications, and as such allow for better alignment with business-related concerns. Despite the existence and wide adoption of standardized business process management languages such as WS-BPEL and BPMN 2.0, workflow engines in current Platform-as-a-Service (PaaS) offerings are in practice more restricted, in part for reasons such as vendor lock-in, but also due to restrictions of multi-tenant environments.

In this paper, we explore the main security-related problems caused by offering BPMN2-compliant workflow engines in a multi-tenant PaaS environment, particularly focusing on threats caused by misbehaving tenants and the lack of proper tenant isolation. In addition, we propose a service-level tenant isolation framework that allows PaaS offerings to support workflow engines which comply with the BPMN 2.0 standard, and we discuss the technical feasibility of implementing this framework using Java technologies such as OSGi and the Resource Consumption Management API (JSR-284).

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nächstes Kapitel CEP-Based SLO Evaluation

This is required by the BPMN 2.0 specification for some types of tasks.

The acronym stands for six threat categories namely Spoofing, Tampering with Data, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege.

This is required for portability of tenant applications to other instances of the same BPMN 2.0 engine where the tenant isolation framework is not used.

Rimal, B.P., Choi, E., Lumb, I.: A taxonomy and survey of cloud computing systems. In: INC, IMS and IDC, pp. 44–51 (2009)

Walraven, S., Truyen, E., Joosen, W.: Comparing paas offerings in light of SaaS development. Computing 96(8), 669–724 (2014)CrossRef

AWS: Amazon Simple Workflow Service (Amazon SWF). https://aws.amazon.com/documentation/swf/. Accessed 12 June 2017

Google: Google App Engine Fantasm. https://cloud.google.com/appengine/articles/fantasm. Accessed 12 June 2017

Opara-Martins, J., Sahandi, R., Tian, F.: Critical review of vendor lock-in and its impact on adoption of cloud computing. In: 2014 International Conference on Information Society (i-Society), pp. 92–97. IEEE (2014)

Ko, R.K., Lee, S.S., Wah Lee, E.: Business process management (BPM) standards: a survey. Bus. Process Manag. J. 15(5), 744–791 (2009)CrossRef

Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., et al.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010)CrossRef

OMG: Business Process Model and Notation 2.0. http://www.omg.org/spec/BPMN/2.0/PDF/. Accessed 04 Aug 2015

OASIS: Web Services Business Process Execution Language. http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html. Accessed 04 June 2016

10.

Rodero-Merino, L., Vaquero, L.M., Caron, E., Muresan, A., Desprez, F.: Building safe PaaS clouds: a survey on security in multitenant software platforms. Comput. Secur. 31(1), 96–108 (2012)CrossRef

11.

Li, Y., Li, W., Jiang, C.: A survey of virtual machine system: current technology and future trends. In: 2010 Third International Symposium on Electronic Commerce and Security (ISECS), pp. 332–336. IEEE (2010)

12.

Bernstein, D.: Containers and cloud: from LXC to docker to kubernetes. IEEE Cloud Comput. 1(3), 81–84 (2014)CrossRef

13.

Wikipedia: List of BPMN Engines. https://en.wikipedia.org/wiki/List_of_BPMN_2.0_engines. Accessed 05 July 2017

14.

OSGi-Alliance: OSGi specification (2012). https://osgi.org/download/r4v43/osgi.core-4.3.0.pdf. Accessed 19 April 2017

15.

JCP: JSR 284: Resource Consumption Management API. https://jcp.org/en/jsr/detail?id=284. Accessed 12 June 2017

16.

Microsoft: The stride threat model (2015). https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx. Accessed 19 April 2017

17.

Shostack, A.: Threat Modeling: Designing for Security. Wiley, New York (2014)

18.

RedHat-JBoss: jBPM. http://www.jbpm.org/. Accessed 04 June 2017

19.

Alfresco: Activiti User Guide. https://www.activiti.org/userguide/. Accessed 24 May 2017

20.

Czajkowski, G., Daynés, L.: Multitasking without comprimise: a virtual machine evolution. ACM SIGPLAN Not. 36, 125–138 (2001)CrossRef

21.

Herzog, A., Shahmehri, N.: Problems running untrusted services as Java threads. Certification Secur. Inter-Organ. E-Serv. 177, 19–32 (2004)CrossRef

22.

Pawlak, R., Monperrus, M., Petitprez, N., Noguera, C., Seinturier, L.: Spoon: a library for implementing analyses and transformations of Java source code. Softw. Pract. Exp. 46(9), 1155–1179 (2016)CrossRef

23.

Lam, P., Bodden, E., Lhoták, O., Hendren, L.: The soot framework for Java program analysis: a retrospective. In: Cetus Users and Compiler Infrastructure Workshop (CETUS 2011), vol. 15, p. 35 (2011)

24.

Oracle: Java 8 SE platform security. https://docs.oracle.com/javase/8/docs/technotes/guides/security/overview/jsoverview.html. Accessed 19 April 2017

25.

Gong, L., Ellison, G.: Inside Java (TM) 2 Platform Security: Architecture, API Design, and Implementation. Pearson Education, London (2003)

26.

Parallel Universe: Quasar. http://docs.paralleluniverse.co/quasar/. Accessed 09 July 2017

27.

Pathirage, M., Perera, S., Kumara, I., Weerawarana, S.: A multi-tenant architecture for business process executions. In: 2011 IEEE International Conference on Web services (ICWS), pp. 121–128. IEEE (2011)

28.

Apache: Apache ode. http://ode.apache.org/. Accessed 09 July 2017

29.

Yu, D., Zhu, Q., Guo, D., Huang, B., Su, J.: jBPM4S: a multi-tenant extension of jBPM to support BPaaS. In: Bae, J., Suriadi, S., Wen, L. (eds.) AP-BPM 2015. LNBIP, vol. 219, pp. 43–56. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-19509-4_4CrossRef

30.

Walraven, S., De Borger, W., Vanbrabant, B., Lagaisse, B., Van Landuyt, D., Joosen, W.: Adaptive performance isolation middleware for multi-tenant SaaS. In: 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC), pp. 112–121. IEEE (2015)

31.

Krebs, R., Loesch, M., Kounev, S.: Platform-as-a-service architecture for performance isolated multi-tenant applications. In: 2014 IEEE 7th International Conference on Cloud Computing (CLOUD), pp. 914–921. IEEE (2014)

32.

Krebs, R., Momm, C., Kounev, S.: Metrics and techniques for quantifying performance isolation in cloud environments. Sci. Comput. Program. 90, 116–134 (2014)CrossRef

33.

Lin, H., Sun, K., Zhao, S., Han, Y.: Feedback-control-based performance regulation for multi-tenant applications. In: 2009 15th International Conference on Parallel and Distributed Systems (ICPADS), pp. 134–141. IEEE (2009)

34.

Krebs, R., Spinner, S., Ahmed, N., Kounev, S.: Resource usage control in multi-tenant applications. In: 2014 14th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), pp. 122–131. IEEE (2014)

Titel: Towards PaaS Offering of BPMN 2.0 Engines: A Proposal for Service-Level Tenant Isolation
verfasst von: Majid Makki
Dimitri Van Landuyt
Wouter Joosen
Verlag: Springer International Publishing
Buch: Advances in Service-Oriented and Cloud Computing
Print ISBN: 978-3-319-79089-3

Electronic ISBN: 978-3-319-79090-9

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-79090-9_1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner