{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T15:32:03Z","timestamp":1763479923088},"reference-count":40,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2013,9,18]],"date-time":"2013-09-18T00:00:00Z","timestamp":1379462400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Autom Softw Eng"],"published-print":{"date-parts":[[2014,4]]},"DOI":"10.1007\/s10515-013-0133-z","type":"journal-article","created":{"date-parts":[[2013,9,17]],"date-time":"2013-09-17T15:52:09Z","timestamp":1379433129000},"page":"187-224","source":"Crossref","is-referenced-by-count":38,"title":["Adaptable, model-driven security engineering for SaaS cloud-based applications"],"prefix":"10.1007","volume":"21","author":[{"given":"Mohamed","family":"Almorsy","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"Grundy","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Amani S.","family":"Ibrahim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2013,9,18]]},"reference":[{"key":"133_CR1","volume-title":"Extending AspectJ for Separating Regions","author":"S. Akai","year":"2009","unstructured":"Akai, S., Chiba, S.: Extending AspectJ for Separating Regions. ACM, New York (2009)"},{"key":"133_CR2","volume-title":"Proc. of 2010 Asia Pacific Cloud Workshop, Colocated with APSEC","author":"M. Almorsy","year":"2010","unstructured":"Almorsy, M., Grundy, J., Mueller, I.: An analysis of the cloud computing security problem. In: Proc. of 2010 Asia Pacific Cloud Workshop, Colocated with APSEC, Sydney, Australia (2010)"},{"key":"133_CR3","doi-asserted-by":"crossref","first-page":"230","DOI":"10.1145\/2351676.2351709","volume-title":"Proceedings of the 27th IEEE\/ACM International Conference on Automated Software Engineering ASE 2012","author":"M. Almorsy","year":"2012","unstructured":"Almorsy, M., Grundy, J., Ibrahim, A.S.: Supporting automated software re-engineering using re-aspects. In: Proceedings of the 27th IEEE\/ACM International Conference on Automated Software Engineering ASE 2012, New York, NY, USA, 2012, pp.\u00a0230\u2013233. ACM, New York (2012)"},{"key":"133_CR4","volume-title":"Security Engineering: A Guide to Building Dependable Distributed Systems","author":"R. Anderson","year":"2001","unstructured":"Anderson, R.: Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, New York (2001)"},{"key":"133_CR5","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1145\/1370905.1370910","volume-title":"Proceedings of the Fourth International Workshop on Software Engineering for Secure Systems, SESS \u201908","author":"A. Bauer","year":"2008","unstructured":"Bauer, A., J\u00fcrjens, J.: Security protocols, properties, and their monitoring. In: Proceedings of the Fourth International Workshop on Software Engineering for Secure Systems, SESS \u201908. New York, NY, USA, 2008. pp.\u00a033\u201340. ACM, New York (2008)"},{"key":"133_CR6","doi-asserted-by":"crossref","unstructured":"Blair, G., Bencomo, N., Frame, R.B.: Models@run.time. IEEE Comput., 22\u201327 (2009)","DOI":"10.1109\/MC.2009.326"},{"key":"133_CR7","first-page":"254","volume-title":"Lecture Notes in Computer Science","author":"M. Brock","year":"2010","unstructured":"Brock, M., Goscinski, A.: Toward a framework for cloud security algorithms and architectures for parallel processing. In: Lecture Notes in Computer Science, vol.\u00a06082, pp.\u00a0254\u2013263. Springer, Berlin (2010)"},{"key":"133_CR8","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1109\/CLOUD.2009.63","volume-title":"2009 IEEE International Conference on Cloud Computing","author":"H. Cai","year":"2009","unstructured":"Cai, H., Zhang, K., Zhou, M.J., Gong, W., Cai, J.J., Mao, X.S.: An end-to-end methodology and toolkit for fine granularity SaaS-ization. In: 2009 IEEE International Conference on Cloud Computing, 21\u201325 Sept. 2009, pp.\u00a0101\u2013108 (2009)"},{"key":"133_CR9","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/SERVICES.2010.48","volume-title":"2010 6th World Congress on Services","author":"H. Cai","year":"2010","unstructured":"Cai, H., Wang, N., Zhou, M.J.: A\u00a0transparent approach of enabling SaaS multi-tenancy in the cloud. In: 2010 6th World Congress on Services, 5\u201310 July 2010, pp.\u00a040\u201347 (2010)"},{"key":"133_CR10","unstructured":"Chinchani, R., Iyer, A., Ngo, H., Upadhyaya, S.: A\u00a0target-centric formal model for insider threat and more. Technical Report 2004-16, University of Buffalo, US (2004)"},{"key":"133_CR11","first-page":"1","volume-title":"International Workshop on Software Engineering for Adaptive and Self-Managing Systems","author":"A. Elkhodary","year":"2007","unstructured":"Elkhodary, A., Whittle, J.: A\u00a0survey of approaches to adaptive application security. In: International Workshop on Software Engineering for Adaptive and Self-Managing Systems, pp.\u00a01\u201316 (2007)"},{"key":"133_CR12","first-page":"551","volume-title":"The 9th IEEE International Conference on E-Commerce Technology and 4th IEEE International Conference on Enterprise Computing, E-Commerce, and E-Services, 2007. CEC\/EEE 2007","author":"C.J. Guo","year":"2007","unstructured":"Guo, C.J., Sun, W., Huang, Y., Wang, Z.H., Gao, B.: A framework for native multi-tenancy application development and management. In: The 9th IEEE International Conference on E-Commerce Technology and 4th IEEE International Conference on Enterprise Computing, E-Commerce, and E-Services, 2007. CEC\/EEE 2007, 23\u201326 July 2007, pp.\u00a0551\u2013558 (2007)"},{"key":"133_CR13","first-page":"2916","volume":"15","author":"M. Hafner","year":"2009","unstructured":"Hafner, M., Memon, M., Breu, R.: Seaas\u2014a reference architecture for security services in soa. J. Univers. Comput. Sci. 15, 2916\u20132936 (2009)","journal-title":"J. Univers. Comput. Sci."},{"key":"133_CR14","volume-title":"Supporting Reconfigurable Security Policies for Mobile Programs","author":"B. Hashii","year":"2000","unstructured":"Hashii, B., Malabarba, S., Pandey, R., Bishop, M.: Supporting Reconfigurable Security Policies for Mobile Programs. North-Holland Publishing Co., Amsterdam (2000)"},{"key":"133_CR15","first-page":"41","volume-title":"Proceedings of the 26th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy","author":"X. Jin","year":"2012","unstructured":"Jin, X., Krishnan, R., Sandhu, R.: A\u00a0unified attribute-based access control model covering dac, mac and rbac. In: Proceedings of the 26th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, pp.\u00a041\u201355 (2012)"},{"key":"133_CR16","unstructured":"Johansen, R., Stephan, S., Peter, S.: Yiihaw .net aspect weaver usage guide. http:\/\/www.itu.dk\/~sestoft\/papers\/yiihaw-usage-guide.pdf (2007)"},{"key":"133_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"187","DOI":"10.1007\/3-540-45314-8_14","volume-title":"Fundamental Approaches to Software Engineering","author":"J. J\u00fcrjens","year":"2001","unstructured":"J\u00fcrjens, J.: Towards development of secure systems using UMLsec. In: Fundamental Approaches to Software Engineering. Lecture Notes in Computer Science, vol.\u00a02029, pp.\u00a0187\u2013200. Springer, Berlin (2001)"},{"key":"133_CR18","doi-asserted-by":"crossref","first-page":"408","DOI":"10.1109\/ASE.2001.989840","volume-title":"Proceedings. 16th Annual International Conference on Automated Software Engineering","author":"J. J\u00fcrjens","year":"2001","unstructured":"J\u00fcrjens, J., Wimmel, G.: Formally testing fail-safety of electronic purse protocols. In: Proceedings. 16th Annual International Conference on Automated Software Engineering, Nov. 2001, pp.\u00a0408\u2013411 (2001)"},{"key":"133_CR19","first-page":"49","volume-title":"Proc. of the 3rd Workshop on Requirements for High Assurance Systems","author":"A. Lamsweerde","year":"2003","unstructured":"Lamsweerde, A., Brohez, S., et al.: System goals to intruder anti-goals: attack generation and resolution for security requirements engineering. In: Proc. of the 3rd Workshop on Requirements for High Assurance Systems, Monterey, 2003, pp.\u00a049\u201356. ACM, New York (2003)"},{"key":"133_CR20","first-page":"89","volume":"3","author":"L. Liu","year":"2009","unstructured":"Liu, L., Yu, E., Mylopoulos, J.: Secure i\u2217: engineering secure software systems through social analysis. Int. J. Softw. Inf. 3, 89\u2013120 (2009)","journal-title":"Int. J. Softw. Inf."},{"key":"133_CR21","first-page":"426","volume-title":"The 5th International Conference on the Unified Modeling Language","author":"T. Lodderstedt","year":"2002","unstructured":"Lodderstedt, T., Basin, D., Doser, J.: Secureuml: a uml-based modeling language for model-driven security. In: The 5th International Conference on the Unified Modeling Language, Dresden, Germany, 2002, vol.\u00a02460, pp.\u00a0426\u2013441. Springer, Berlin (2002)"},{"key":"133_CR22","doi-asserted-by":"crossref","DOI":"10.21236\/ADA443493","volume-title":"Security Quality Requirements Engineering (Square) Methodology","author":"N. Mead","year":"2005","unstructured":"Mead, N., Stehney, T.: Security Quality Requirements Engineering (Square) Methodology. ACM, New York (2005)"},{"key":"133_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"192","DOI":"10.1007\/11863908_13","volume-title":"Computer Security\u2014ESORICS 2006","author":"D. Mellado","year":"2006","unstructured":"Mellado, D., Fern\u00e1ndez-Medina, E., Piattini, M.: Applying a security requirements engineering process. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) Computer Security\u2014ESORICS 2006. Lecture Notes in Computer Science, vol.\u00a04189, pp.\u00a0192\u2013206. Springer, Berlin (2006)"},{"key":"133_CR24","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1109\/SERVICES.2010.90","volume-title":"2010 6th World Congress on Services","author":"M. Menzel","year":"2010","unstructured":"Menzel, M., Warschofsky, R., Thomas, I., Willems, C., Meinel, C.: The service security lab: a model-driven platform to compose and explore service security in the cloud. In: 2010 6th World Congress on Services, 5\u201310 July 2010, pp.\u00a0115\u2013122 (2010)"},{"key":"133_CR25","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1109\/ICIW.2008.68","volume-title":"Third International Conference on Internet and Web Applications and Services, 2008. ICIW \u201908","author":"R. Mietzner","year":"2008","unstructured":"Mietzner, R., Leymann, F., Papazoglou, M.P.: Defining composite configurable SaaS application packages using sca, variability descriptors and multi-tenancy patterns. In: Third International Conference on Internet and Web Applications and Services, 2008. ICIW \u201908, 8\u201313 June 2008, pp.\u00a0156\u2013161 (2008)"},{"key":"133_CR26","doi-asserted-by":"crossref","first-page":"357","DOI":"10.1145\/1858996.1859074","volume-title":"Proceedings of the IEEE\/ACM International Conference on Automated Software Engineering, ASE \u201910","author":"L. Montrieux","year":"2010","unstructured":"Montrieux, L., J\u00fcrjens, J., Haley, C.B., Yu, Y., Schobbens, P.-Y., Toussaint, H.: Tool support for code generation from a UMLsec property. In: Proceedings of the IEEE\/ACM International Conference on Automated Software Engineering, ASE \u201910, New York, NY, USA, 2010, pp.\u00a0357\u2013358. ACM, New York (2010)"},{"key":"133_CR27","first-page":"122","volume-title":"IEEE 31st Int. Conf. on Software Engineering","author":"B. Morin","year":"2009","unstructured":"Morin, B., Barais, O., Nain, G., et al.: Taming dynamically adaptive systems using models and aspects. In: IEEE 31st Int. Conf. on Software Engineering, Vancouver, BC, 2009, pp.\u00a0122\u2013132. IEEE Computer Society, Washington (2009)"},{"key":"133_CR28","doi-asserted-by":"crossref","DOI":"10.1145\/1858996.1859040","volume-title":"Security-Driven Model-Based Dynamic Adaptation","author":"B. Morin","year":"2010","unstructured":"Morin, B., Mouelhi, T., Fleurey, F., Traon, Y., Barais, O., J\u00e9z\u00e9quelet, J.: Security-Driven Model-Based Dynamic Adaptation. ACM, New York (2010)"},{"key":"133_CR29","volume-title":"Proceedings of the 11th Int. Conf. on Model Driven Engineering Languages and Systems","author":"T. Mouelhi","year":"2008","unstructured":"Mouelhi, T., Fleurey, F., Baudry, B., Traon, Y.: A model-based framework for security policy specification, deployment and testing. In: Proceedings of the 11th Int. Conf. on Model Driven Engineering Languages and Systems, France, 2008. Springer, Berlin (2008)"},{"key":"133_CR30","doi-asserted-by":"crossref","unstructured":"Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. (2007)","DOI":"10.1142\/S0218194007003240"},{"key":"133_CR31","first-page":"214","volume-title":"2010 the 12th International Conference on Advanced Communication Technology","author":"Z. Pervez","year":"2010","unstructured":"Pervez, Z., Lee, S., Lee, Y.-K.: Multi-tenant, secure, load disseminated SaaS architecture. In: 2010 the 12th International Conference on Advanced Communication Technology, 7\u201310 Feb. 2010, vol.\u00a01, pp.\u00a0214\u2013219 (2010)"},{"key":"133_CR32","first-page":"214","volume-title":"Proceedings of the 12th International Conference on Advanced Communication Technology","author":"Z. Pervez","year":"2010","unstructured":"Pervez, Z., Lee, S., Lee, Y.-K.: Multi-tenant, secure, load disseminated SaaS architecture. In: Proceedings of the 12th International Conference on Advanced Communication Technology, Gangwon-Do, South Korea, pp.\u00a0214\u2013219. IEEE Press, New York (2010)"},{"key":"133_CR33","first-page":"305","volume-title":"19th International Workshop on Database and Expert Systems Application","author":"F. Sanchez-Cid","year":"2008","unstructured":"Sanchez-Cid, F., Mana, A.: Serenity pattern-based software development life-cycle. In: 19th International Workshop on Database and Expert Systems Application, pp.\u00a0305\u2013309 (2008)"},{"key":"133_CR34","doi-asserted-by":"crossref","DOI":"10.1109\/CGO.2003.1191531","volume-title":"Retargetable and Reconfigurable Software Dynamic Translation","author":"K. Scott","year":"2003","unstructured":"Scott, K., Kumar, N., Velusamy, S., et al.: Retargetable and Reconfigurable Software Dynamic Translation. IEEE Computer Society, Washington (2003)"},{"issue":"1","key":"133_CR35","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1007\/s00766-004-0194-4","volume":"10","author":"G. Sindre","year":"2005","unstructured":"Sindre, G., Opdahl, A.: Eliciting security requirements with misuse cases. Requir. Eng. 10(1), 34\u201344 (2005)","journal-title":"Requir. Eng."},{"key":"133_CR36","first-page":"224","volume-title":"Proceedings of the 2010 International Conference on Models in Software Engineering","author":"T. Vogel","year":"2010","unstructured":"Vogel, T., Seibel, A., Giese, H.: The role of models and megamodels at runtime. In: Proceedings of the 2010 International Conference on Models in Software Engineering, pp.\u00a0224\u2013238 (2010)"},{"key":"133_CR37","doi-asserted-by":"crossref","first-page":"336","DOI":"10.1109\/ICISE.2009.894","volume-title":"Proceedings of the 2009 First IEEE International Conference on Information Science and Engineering","author":"D. Wang","year":"2009","unstructured":"Wang, D., Zhang, Y., Zhang, B., Liu, Y.: Research and implementation of a new SaaS service execution mechanism with multi-tenancy support. In: Proceedings of the 2009 First IEEE International Conference on Information Science and Engineering, pp.\u00a0336\u2013339. IEEE Computer Society, Washington (2009)"},{"key":"133_CR38","doi-asserted-by":"crossref","first-page":"388","DOI":"10.1109\/ICIME.2010.5477832","volume-title":"2010 the 2nd IEEE International Conference on Information Management and Engineering (ICIME)","author":"J. Xu","year":"2010","unstructured":"Xu, J., Jinglei, T., Dongjian, H., Linsen, Z., Lin, C., Fang, N.: Research and implementation on access control of management-type SaaS. In: 2010 the 2nd IEEE International Conference on Information Management and Engineering (ICIME), 16\u201318 April 2010, pp.\u00a0388\u2013392 (2010)"},{"key":"133_CR39","doi-asserted-by":"crossref","first-page":"209","DOI":"10.1109\/ICSESS.2010.5552407","volume-title":"2010 IEEE International Conference on Software Engineering and Service Sciences (ICSESS)","author":"X. Zhang","year":"2010","unstructured":"Zhang, X., Shen, B., Tang, X., Chen, W.: From isolated tenancy hosted application to multi-tenancy: toward a systematic migration method for web application. In: 2010 IEEE International Conference on Software Engineering and Service Sciences (ICSESS), 16\u201318 July 2010, pp.\u00a0209\u2013212 (2010)"},{"key":"133_CR40","doi-asserted-by":"crossref","first-page":"244","DOI":"10.1109\/SOSE.2010.34","volume-title":"2010 Fifth IEEE International Symposium on Service Oriented System Engineering (SOSE)","author":"C. Zhong","year":"2010","unstructured":"Zhong, C., Zhang, J., Xia, Y., Yu, H.: Construction of a trusted SaaS platform. In: 2010 Fifth IEEE International Symposium on Service Oriented System Engineering (SOSE), 4\u20135 June 2010, pp.\u00a0244\u2013251 (2010)"}],"container-title":["Automated Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10515-013-0133-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10515-013-0133-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10515-013-0133-z","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,3,6]],"date-time":"2022-03-06T09:15:58Z","timestamp":1646558158000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10515-013-0133-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,9,18]]},"references-count":40,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2014,4]]}},"alternative-id":["133"],"URL":"https:\/\/doi.org\/10.1007\/s10515-013-0133-z","relation":{},"ISSN":["0928-8910","1573-7535"],"issn-type":[{"value":"0928-8910","type":"print"},{"value":"1573-7535","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,9,18]]}}}