Risk-Based Security Testing in Cloud Computing Environments

Author

Zech, Philipp

Author_Institution

Inst. of Comput. Sci., Univ. of Innsbruck Innsbruck, Innsbruck, Austria

fYear

2011

fDate

21-25 March 2011

Firstpage

411

Lastpage

414

Abstract

Assuring the security of a software system in terms of testing nowadays still is a quite tricky task to conduct. Security requirements are taken as a foundation to derive tests to be executed against a system under test. Yet, these positive requirements by far do not cover all the relevant security aspects to be considered. Hence, especially in the event of security testing, negative requirements, derived from risk analysis, are vital to be incorporated. If considering today´s emerging trend in the adoption of cloud computing, security testing even has a more important significance. Due to a cloud´s openness, in theory there exists an infinite number of tests. Hence, a concise technique to incorporate the results of risk analysis in security testing is inevitable. We therefore propose a new model-driven methodology for the security testing of cloud environments, ingesting misuse cases, defined by negative requirements derived from risk analysis.

Keywords

cloud computing; program testing; program verification; security of data; cloud computing; model-driven methodology; risk analysis; risk-based security testing; software system security; Adaptation model; Analytical models; Computational modeling; Risk analysis; Security; Testing; Unified modeling language; Cloud Computing; Model–Driven Testing; Security Testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Testing, Verification and Validation (ICST), 2011 IEEE Fourth International Conference on

Conference_Location

Berlin

Print_ISBN

978-1-61284-174-8

Electronic_ISBN

978-0-7695-4342-0

Type

conf

DOI

10.1109/ICST.2011.23

Filename

5770631