Abstract
-
(a)
Situation faced: In the era of pervasive digitalization, the airline IT software industry is facing a number of challenges from the combination of new distribution channels, social media, Big data, Cloud Computing, etc. One of the major challenges in creating smart and scalable software applications is how to tackle security challenges when components are distributed and operated in hybrid and multiple clouds, whose providers may be independent and heterogeneous. The difficulties reside not only in identifying and expressing the desired level of security in the application, but also in how the security guarantees are influenced by the cloud services used.
-
(b)
Action taken: We exemplify the case with a flight scheduling application prototype developed by Lufthansa Systems and explain how novel approaches are used to address security issues during the development of such a prototype by following the MUSA approach. MUSA stands for Multi-cloud Secure Applications and refers to an EU-funded research project that is developing an integrated solution for the development and operation of secure multi-cloud applications accounting for those security aspects from the beginning. We introduce the MUSA Security DevOps framework and lessons learned from using it.
-
(c)
Results achieved: Lufthansa Systems tested MUSA tools in an exercise to create, deploy and control a new secure application prototype. We describe how these tools were used in the context of the case study presented in this paper. We also analyze the impact that they had in the development, deployment, and operation of the multi-cloud prototype. This analysis is done by means of a user-centered evaluation using questionnaires and informal interviews.
-
(d)
Lessons learned: The most important lesson is the importance of a sound risk analysis from which the security decisions are taken. MUSA framework supports the automation of the risk analysis in a per component basis, helping to systematize the creation of the application risk profile. Another important aspect is how implementing a SecDevOps approach in a multi-cloud scenario proves that it is highly valuable to include security topics together with the regular DevOps methodology. Finally, we must underline the need for cloud standards which enable homogeneous cloud service descriptions that ease the comparison of the services and the offered security controls.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The MUSA solution is the main result of the project MUSA—Multi-cloud Secure Applications project of the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644429.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
References
Alberts CJ, Dorofee A (2002) Managing information security risks: the Octave approach. Addison-Wesley Longman Publishing Co., Boston, MA
Baah A (2017) Agile quality assurance. Bookbaby, Cork
Debski A, Szczepanik B, Malawski M, Spahr S, Muthig D (2018) A scalable, reactive architecture for cloud applications. IEEE Softw 35(2):62–71
Lufthansa Systems (2017) Airline forum 2017: Lufthansa Systems takes airline customers into the digital world. Available via https://www.lhsystems.com/article/airline-forum-2017-lufthansa-systems-takes-airline-customers-digital-world. Accessed Dec 2017
Microsoft (2005) The STRIDE threat model. Available via https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx. Accessed Aug 2017
MODAClouds Project (2012) MOdel-Driven Approach for design and execution of applications on multiple Clouds. FP7-ICT-2011.1.2. 2012–2015. Available via http://www.modaclouds.eu/project/. Accessed Aug 2017
Mohan V, Othmane L (2016) SecDevOps: is it a marketing buzzword? Department of Computer Science, Technische Universität Darmstadt, Darmstadt
NIST (2014) NIST Special Publication 800-53 Revision 4. Available via https://nvd.nist.gov/800-53. Accessed Aug 2017
North Bridge (2013) The future of cloud computing 3rd annual survey, Available via http://www.northbridge.com/2013-cloud-computing-survey. Accessed Apr 2017
OWASP Foundation (2013) OWASP top 10 – 2013. Technical Report. OWASP Foundation. Available via https://www.owasp.org/index.php/Main_Page. Accessed Aug 2017
PaaSage Project (2012) Model based cloud platform upperware. FP7-ICT-2011.1.2. 2012–2016. Available via http://www.paasage.eu/. Accessed Aug 2017
Rios E, Iturbe E, Palacios MC (2017) Self-healing multi-cloud application modelling. In: Proceedings of the 12th international conference on availability, reliability and security, p 93. ACM
Acknowledgements
This work is supported by the European Commission through the MUlti-cloud Secure Applications (MUSA) project under Project ID: 644429.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Somoskői, B. et al. (2019). Airline Application Security in the Digital Economy: Tackling Security Challenges for Distributed Applications in Lufthansa Systems. In: Urbach, N., Röglinger, M. (eds) Digitalization Cases. Management for Professionals. Springer, Cham. https://doi.org/10.1007/978-3-319-95273-4_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-95273-4_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-95272-7
Online ISBN: 978-3-319-95273-4
eBook Packages: Business and ManagementBusiness and Management (R0)