Software Component as a Service (SCaaS) Defense in Depth

Abstract :

Cloud computing has many advantages such as IT resource sharing, excellent scalability, flexibility and high automation level. Because of these advantages, cloud computing is rapidly becoming the Internet technology future. However, the reuse of the software components in cloud computing has been underachieving for many reasons, some of which involve multiple issues, such as the representations of program components, matching of requirements with existing programs, and so on. Software components contain code that can usually be executed only on specific platforms and an interface which supply the unique access to the component. [1] The code describes the operations that the component will perform when requested and the required input for the component to work correctly. A Software Component as a Service (SCaaS) combines the concept of cloud computing and software reuse. SCaaS delivers software components over the web. A SCaaS user uploads software components to the cloud; then, the SCaaS provider makes these components available on demand typically through a licensing model [1]. As with any cloud service model, SCaaS involves security challenges such as accountability, confidentiality, and integrity. Moreover, because a SCaaS may store user-specific data, it introduces an additional security threat: these components may contain malicious code. In this paper, a cloud that meets the Cloud Security Alliance (CSA) requirements (accountability, confidentiality, and integrity) was built. Also, sandboxing techniques was introduced to testing components before storing them in the cloud. Proxy broadcast re-encryption for securing data in untrusted media was used.

keywords :

Cloud computing; Security; SCaaS; Threats; Sandboxing, Proxy re-encryption