Building a security reference architecture for cloud systems
Contemporary middleware must facilitate the customization of a built-in services framework, such that non-functional requirements emerging from the engineering process are met. This must be achieved by facilitating adaptation and selection of appropriate services without carrying the load, footprint, and overhead of a bloated system. We illustrate the concept and approach with an example in the domain of security engineering of a large scale, internet based application in the domain of online document processing. In addition, we sketch why such an approach cannot only yield the desired variants of middleware security services, but also application-driven security dashboards, i.e. the tools to monitor and manage the actual security environment. The resulting research findings plead for a research agenda that revisits reflection and that enables model-driven software techniques to be used in the just-in-time generation of co-existing middleware variants.