Title :
Towards a Model Based Security Testing Approach of Cloud Computing Environments
Author :
Zech, Philipp ; Felderer, Michael ; Breu, Ruth
Author_Institution :
Inst. of Comput. Sci., Univ. of Innsbruck, Innsbruck, Austria
Abstract :
In recent years Cloud computing became one of the most aggressively emerging computer paradigms resulting in a growing rate of application in the area of IT outsourcing. However, as recent studies have shown, security most of the time is the one requirement, neglected at all. Yet, especially because of the nature of usage of Cloud computing, security is inevitable. Unfortunately, assuring the security of a Cloud computing environment is not a one time task, it is a task to be performed during the complete lifespan of the Cloud. This is motivated by the fact that Clouds undergo daily changes in terms of newly deployed applications and offered services. Based on this assumption, in this paper, we propose a novel model -- based, change -- driven approach, employing risk analysis, to test the security of a Cloud computing environment among all layers. As a main intrusion point, our approach exploits the public service interfaces, as they are a major source of newly introduced vulnerabilities, possibly leading to severe security incidents.
Keywords :
cloud computing; outsourcing; program testing; risk analysis; security of data; IT outsourcing; cloud computing environment; model based security testing approach; public service interface; risk analysis; vulnerability; Analytical models; Cloud computing; Data models; Risk analysis; Security; Testing; Unified modeling language; Cloud Computing; Cloud Security; Fuzzing; Model Based Testing; Risk Analysis; Security Testing; Software Penetration;
Conference_Titel :
Software Security and Reliability Companion (SERE-C), 2012 IEEE Sixth International Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
978-1-4673-2670-4
DOI :
10.1109/SERE-C.2012.11
