Challenges in Formal Methods for Testing and Verification of Cloud Computing Systems

Formal methods are necessary to capture the semantics and behavior of processes of various systems. They characterize and provide insight into the behavior of real systems and thus identify their deterministic and non-deterministic features. The design and deployment of cloud computing systems draw on current technology developments in order to provide appropriate service and accommodate increasing demand while maintaining high-quality, error-free service. In this paper, we discuss the state of the art in using formal methods for the verification of cloud computing systems. Even though formal methods have been used successfully in the design and verification of several aspects of these systems, there are still many design issues in cloud computing that can be improved using formal methods. For instance, several scheduling algorithms used in cloud frameworks such as Hadoop have been found to suffer from scheduling failures. These could have been avoided if the scheduler had been properly verified. On the other hand, several new paradigms, such as big data, have evolved with cloud computing; these require fundamental changes to the methods and algorithms used for classical distributed systems, which in turn increases the chance of having faulty systems that are difficult to identify using only simulation methods.
