Threatening the Cloud: Securing Services and Data by Continuous, Model-Driven Negative Security Testing

Today's increasing trend towards outsourcing IT landscapes and business processes into the Cloud is a double-edged sword. On the one hand, companies can save time and money; on the other hand, moving possibly sensitive data and business processes into the Cloud demands a high degree of information security. In the course of this chapter, the authors give an overview of a Cloud's various vulnerabilities, how to address them properly, and, last but not least, a model-driven approach to evaluate the security state of a Cloud environment by means of negative testing. In addition, the authors incorporate the idea of living models, which allows changes in the Cloud environment to be tracked and incorporated, and enables reacting properly and, more importantly, in time to evolving security requirements throughout the complete Cloud life cycle.
