• DocumentCode
    2374580
  • Title

    Evaluating Security Properties of Architectures in Unpredictable Environments: A Case for Cloud

  • Author

    Faniyi, Funmilade ; Bahsoon, Rami ; Evans, Andy ; Kazman, Rick

  • Author_Institution
    Univ. of Birmingham, Birmingham, UK
  • fYear
    2011
  • fDate
    20-24 June 2011
  • Firstpage
    127
  • Lastpage
    136
  • Abstract
    The continuous evolution and unpredictability underlying service-based systems lead to difficulties in making exact QoS claims about the dependability of architectures interfacing with them. Hence, there is a growing need for new methods to evaluate the dependability of architectures interfacing with such environments. This paper presents a method for evaluating the security quality attribute of architectures in service-based systems. The proposed method combines some properties of the Architectural Tradeoff Analysis Method (ATAM) and security testing using Implied Scenario. In particular, the scenario elicitation process of ATAM is improved by utilising the Implied Scenario technique to generate scenarios which may be undetected using plain ATAM. An industrial case study of a problem related to securing data at the Software-as-a-Service layer on the Force.com Cloud platform is adopted to validate the new method. The results indicate that our method found four additional security scenarios beyond the plain ATAM, resulting in four new risks and two new tradeoff points.
  • Keywords
    cloud computing; program testing; quality of service; security of data; software architecture; software reliability; Force.com cloud platform; architectural tradeoff analysis method; architecture dependability; implied scenario technique; quality of service; scenario elicitation process; security testing; software-as-a-service layer; Cloud computing; Computer architecture; Encryption; Sensitivity; Testing; ATAM; Cloud Architectures; Dynamic Architectures; Implied Scenario; Security;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Software Architecture (WICSA), 2011 9th Working IEEE/IFIP Conference on
  • Conference_Location
    Boulder, CO
  • Print_ISBN
    978-1-61284-399-5
  • Electronic_ISBN
    978-0-7695-4351-2
  • Type

    conf

  • DOI
    10.1109/WICSA.2011.25
  • Filename
    5959727