Evaluation of Operational Vulnerability in Cloud Service Management Using Model Checking

We proposed an evaluation method to determine the vulnerability of services instantiated on cloud computing infrastructures to improper system management (e.g., system structure having single point of failures and executions of misconfigurations giving critical effect for services). In this paper, we first define the vulnerability level of services based on the impact of failures. Next, we show how to construct a model for vulnerability evaluations, which can represent the behavior of a cloud system in the occurrence of faults or during the execution of operations. The cloud system model consists of state transition models for components of a system with interdependency relationships. In this model, state transitions in a component invoked by the executions of configuration change operations or the occurrences of component faults can trigger state transitions in other components due to the dependency between these components. Using this model, we analyze the propagation of the fault´s effect between components having interdependencies. Then, we implement the model on the model checker NuSMV, and finally, we demonstrate how to evaluate the vulnerability of the service using the model checking approach through a case study.