Skip to main content

Developing dependable and secure cloud applications


Ingo Weber, Surya Nepal and Liming Zhu




Re-published in the digest magazine IEEE Computing Edge, July 2016


An ever-growing share of applications are provided as SaaS solutions on the basis of public cloud services, such as IaaS or PaaS offerings. Cloud services and the ability to manage and control them programmatically through APIs enabled the rise of continuous deployment and DevOps. DevOps, the abbreviated combination of "development" and "operations", has been defined as "a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality" [1]. This methodology is rapidly progressing towards mainstream adoption [2], as it allows to deliver new functionality to end users fast and often increasing quality along the way.

However, achieving security (confidentiality, integrity and availability) and dependability (availability, reliability, safety, integrity and maintainability) when developing applications in the context of cloud services and DevOps offers a separate set of challenges. For instance, DevOps typically includes implementing a continuous deployment pipeline (CDP), which automatically tests and deploys new versions of the software. This CDP needs to be secured and checked for errors - else it could spread malicious or erroneous code to all servers, thus easily multiplying any problems by orders of magnitude. Trying to achieve full automation in testing and deployment also puts additional challenges on security and dependability, including requiring better practices around quick recovery, rollback, and resilience.

In this article, we broadly discuss the challenges by analysing the security and dependability challenges for all phases of the software development and data security life cycles of SaaS solutions. We also provide an overview of our research and development that aims to alleviate some of the pain points.

BibTeX Entry

    author           = {Weber, Ingo and Nepal, Surya and Zhu, Liming},
    number           = {3},
    month            = may,
    year             = {2016},
    keywords         = {cloud; dependability; security; devops},
    title            = {Developing Dependable and Secure Cloud Applications},
    volume           = {20},
    pages            = {74--79},
    journal          = {IEEE Internet Computing}


Served by Apache on Linux on seL4.