부산대학교 도서관

Nowadays, more and more business and individuals tune to Software-as-a-Service (SaaS) applications to rapidly access various software capabilities through the Internet. The more SaaS adoption evolves, the more software service providers compete for fast development to cope with the market pace. This trend pushes security after functionality-needs in the priority list. This, in turn, results in delivering applications with potential security risk. The risk is further elevated due to the lack of visibility, control, and regulatory enforcements over consumers' data associated with such applications. Motivated by the raised necessity to consider security-needs at the same priority as functionality-needs, this paper proposes a comprehensive platform to interweave security activities and services from inception through deployment and beyond. Such activities and services are based on information flow control. The platform specifically envisions these activities to devote security into every phase of the development lifecycle of SaaS applications and offer different style of defenses as security services. It promotes for shared security responsibility to gain twofold benefits: a) it helps service providers to protect their SaaS applications from prevalent security threats; b) it enables SaaS consumers to choose a protected application to process their sensitive data with a trust in its security.