Junzan Zhou,Bo Zhou,Shanping Li

DOI: https://doi.org/10.1109/COMPSACW.2014.108

2014-01-01

Abstract:Recently, cloud computing has become popular for its unique advantages. Many applications have been migrated to cloud as web services. However, evaluating the performance of cloud services is non-trivial. Performance testing is one of the dominant techniques for evaluating system performance. In this paper, we present a model and template-based approach that automatically generates test scripts and test cases to measure service performance in an enterprise private cloud. We describe how load is generated automatically from our tool. Our empirical study shows the proposed approach can significantly decrease the cost of performance testing and help reveal potential performance issues.

Wenjuan Li,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1109/iceie.2010.5559829

2010-01-01

Abstract:Security and interoperability is the biggest challenge to promote cloud computing currently. Trust has proved to be one of the most important and effective alternative means to construct security in distributed systems. In order to efficiently and safely construct entities' trust relationship in cloud and cross-clouds environment, this paper proposed a novel cloud trust model and a new cloud security framework. The propose trust model is domain-based. It divides one cloud provider's resource nodes into the same trust domain. It designs different trust strategies for different roles. Trust recommendation is treated as one type of cloud services just like computation or storage. Based on the proposed trust model, it introduced a novel cloud security framework with an independent trust management module. Using the proposed security model, it introduced some trust-based security mechanisms. Results of simulation experiments show that the proposed security model can achieve high transaction success rate with high trust accuracy.

Honghao Lv,Jing Yan,Jialin Zhang,Zhibo Pang,Geng Yang,Alf J. Isaksson

DOI: https://doi.org/10.1109/mie.2024.3407051

IF: 8.36

2024-01-01

IEEE Industrial Electronics Magazine

Abstract:The emergence of virtualized computing and converged networks has the potential to revolutionize industrial automation systems, offering unprecedented levels of flexibility and scalability that were previously unattainable with traditional infrastructure. Therefore, cloud-fog automation (CFA) platforms are becoming key players not only in coordinating the production task management in upper-layer applications but also in handling real-time control and monitoring by the edge devices. In this article, we discuss how cloud/fog-based virtualization and converged communication networks can allow for flexible deployment of automation use cases and evaluate the impacts introduced by the less deterministic infrastructure from the perspective of control. Four representative use cases are studied using our in-house developed CFA platform to demonstrate the smart coordination of automation in a variety of real-life prototypes. Moreover, the capabilities of the commercial off-the-shelf virtualized computing and converged networks are characterized, which confirms the CFA platform as an essential part of the future industrial infrastructure for hosting heterogenous control applications is not a “daydream”.

Weiwei Wang,Xiaosong Zhang,Ting Chen,XueYang Wu,Xiaoshan Li

DOI: https://doi.org/10.1007/978-3-642-25541-0_99

2011-01-01

Abstract:Cloud computing is profound changing the whole IT industry, and lead traditional software testing to a new direction. In this paper, aiming at the existing framework of cloud computing, we analyze the advantages and disadvantages of existing methods of software testing, then designs a cloud computing based software Testing framework, and have implemented a prototype. The experiments prove that the efficiency of the cloud computing based software testing is greatly improved. © 2011 Springer-Verlag.

Ameen Alkasem,Hongwei Liu,Decheng Zuo

DOI: https://doi.org/10.1007/978-3-030-05057-3_33

2018-01-01

Abstract:This work addresses performance testing for monitoring mass quantities of large-dataset measurements in infrastructure-as-a-Service (IaaS). Physical resources are not virtualized in sharing dynamic clouds; thus, shared resources compete for access to system resources. This competition introduces significant new challenges when assessing the performance of IaaS. A bottleneck may occur if one system resource is critical to IaaS; this may shut down the system and services, which would reduce the workflow performance by a large margin. To protect against bottlenecks, we propose CloudPT, a performance test management framework for IaaS. CloudPT has many advantages: (I) high-efficiency detection; (II) a unified end-to-end feedback loop to collaborate with cloud-ecosystems management; and (III) a troubleshooting performance test. This paper shows that CloudPT efficiently identifies and detects bottlenecks with a minimal false-positive rate (u003c13%) and it correlates high accuracy using the failure of a host virtual machine (host VM) to start-up with both cloud illustrative batches and transactional workloads such as the Spark, and Kafka framework for a data partitioning and collecting events on an each server. In a framework based on a trace case study, CloudPT diagnosed performance bottlenecks in 20 s with a precision rate of 86%, confirming its real-time efficiency.

Victor Chang,Yen-Hung Kuo,Muthu Ramachandran

DOI: https://doi.org/10.1016/j.future.2015.09.031

IF: 7.307

2016-04-01

Future Generation Computer Systems

Abstract:This article presents a cloud computing adoption framework (CCAF) security suitable for business clouds. CCAF multilayered security is based on the development and integration of three major security technologies: firewall, identity management, and encryption based on the development of enterprise file sync and share technologies. This article presents the vision, related works, and views on security framework. Core technologies have been explained in detail, and experiments were designed to demonstrate the robustness of the CCAF multilayered security. In penetration testing, CCAF multilayered security could detect and block 99.95% viruses and trojans, and could achieve ≥85% of blocking for 100 h of continuous attack. Detection and blocking took <0.012s/trojan or virus. A full CCAF multilayered security protection could block all SQL (structured query language) injection, providing real protection to data. CCAF multilayered security did not report any false alarm. All F-measures for CCAF test results were ≥99.75%. The mechanism of blending of CCAF multilayered security with policy, real services, and business activities has been illustrated. Research contributions have been justified and CCAF multilayered security can be beneficial for volume, velocity, and veracity of big data services operated in the cloud.

Hootan Alavizadeh,Hooman Alavizadeh,Dong Seong Kim,Julian Jang-Jaccard,Masood Niazi Torshiz

DOI: https://doi.org/10.48550/arXiv.1904.01758

2019-04-03

Abstract:Cloud service providers offer their customers with on-demand and cost-effective services, scalable computing, and network infrastructures. Enterprises migrate their services to the cloud to utilize the benefit of cloud computing such as eliminating the capital expense of their computing need. There are security vulnerabilities and threats in the cloud. Many researches have been proposed to analyze the cloud security using Graphical Security Models (GSMs) and security metrics. In addition, it has been widely researched in finding appropriate defensive strategies for the security of the cloud. Moving Target Defense (MTD) techniques can utilize the cloud elasticity features to change the attack surface and confuse attackers. Most of the previous work incorporating MTDs into the GSMs are theoretical and the performance was evaluated based on the simulation. In this paper, we realized the previous framework and designed, implemented and tested a cloud security assessment tool in a real cloud platform named UniteCloud. Our security solution can (1) monitor cloud computing in real-time, (2) automate the security modeling and analysis and visualize the GSMs using a Graphical User Interface via a web application, and (3) deploy three MTD techniques including Diversity, Redundancy, and Shuffle on the real cloud infrastructure. We analyzed the automation process using the APIs and showed the practicality and feasibility of automation of deploying all the three MTD techniques on the UniteCloud.

Cryptography and Security

Xiaoying Bai,Muyang Li,Bin Chen,Wei-Tek Tsai,Jerry Gao

DOI: https://doi.org/10.1109/SOSE.2011.6139087

2011-01-01

Abstract:Cloud platform provides an infrastructure for resource sharing, software hosting and service delivering in a pay-per-use approach. To test the cloud-based software systems, techniques and tools are necessary to address unique quality concerns of the cloud infrastructure such as massive scalability and dynamic configuration. The tools can also be built on the cloud platform to benefit from virtualized platform and services, massive resources, and parallelized execution. The paper makes a survey of representative approaches and typical tools for cloud testing. It identifies the needs for cloud testing tools including multi-layer testing, SLA-based testing, large scale simulation, and on-demand test environment. To address the needs, it investigates the new architecture and techniques for designing testing tools for the cloud and in the cloud. Tool implementations are surveyed considering different approaches including migrated conventional tools, research tools, commercial tools and facilities like benchmark and testbed. Based on the analysis of state-of-the-art practices, the paper further investigates future trend of testing tool research and development from both capability and usability perspectives.

Lian Yu,Wei-Tek Tsai,Xiangji Chen,Linqing Liu,Yan Zhao,Liangjie Tang,Wei Zhao

DOI: https://doi.org/10.1109/sose.2010.36

2010-01-01

Abstract:Testing-as-a-service (TaaS) is a new model to provide testing capabilities to end users. Users save the cost of complicated maintenance and upgrade effort, and service providers can upgrade their services without impact on the end-users. Due to uneven volumes of concurrent requests, it is important to address the elasticity of TaaS platform in a cloud environment. Scheduling and dispatching algorithms are developed to improve the utilization of computing resources. We develop a prototype of TaaS over cloud, and evaluate the scalability of the platform by increasing the test task load, analyze the distribution of computing time on test task scheduling and test task processing over the cloud, and examine the performance of proposed algorithms by comparing others.

Chiem Trieu Phong,Wei Qi Yan

DOI: https://doi.org/10.4018/ijdcf.2014100104

2014-01-01

International Journal of Digital Crime and Forensics

Abstract:Penetration testing is an effort to attack a system using similar techniques and tools adopted by real hackers. The ultimate goal of penetration testing is to call to light as many existing vulnerabilities as possible, then come up with practical solutions to remediate the problems; thus, enhance the system security as a whole. The paper introduces concepts and definitions related to penetration testing, together with different models and methodologies to conduct a penetration test. A wide range of penetration testing state-of-the-art, as well as related tools (both commercial and free open source available on the market) are also presented in relatively rich details.

Junyi Wang,Xiaoying Bai,Linyi Li,Zhicheng Ji,Haoran Ma

DOI: https://doi.org/10.1109/compsac.2017.24

2017-01-01

Abstract:Following the Service-Oriented Architecture, a large number of diversified Cloud services are exposed as Web APIs (Application Program Interface), which serve as the contracts between the service providers and service consumers. Due to their massive and broad applications, any flaw in the cloud APIs may lead to serious consequences. API testing is thus necessary to ensure the availability, reliability, and stability of cloud services. The research proposes a model-based approach to automating API testing. The semi-structured API specifications, like XML/HTML specifications, are gathered from the Web sites using web crawlers, and translated into YAML-encoded standard representations. A scenario editor is designed to specify the dependencies among API operations. Test generators are built to derive test scripts from the specifications and scenarios, including test data, test cases for individual operations as well as operations sequences. Various algorithms can be used for test generation, such as combinatorial data generation, heuristic graph search, and optimization algorithms. The produced test scripts, together with a load model, can be deployed on Cloud and scheduled for execution. A prototype system, called ATCloud, was constructed to illustrate the process of API understanding, test scenario modeling using directed diagraph annotated with transfer probabilities between operations, cloud-based test resources management, distributed workload simulation, and performance monitoring.

heng liu,zhao wang,zhong chen,hongbing wang,qi jing

2011-01-01

Abstract:With the development of distributed environments such as WSN and IoT, the evaluation of security state of them has become a key issue. As a visualized method of network penetration test, the attack tree has played an important role in network security evaluation. In an attack tree, nodes represent security states of nodes in the network, while edges represent conditions or tools that cause state transfers. However, traditional attack tree-based penetration test has several disadvantages, such as inefficient tool management. This paper proposes FATPET, a novel penetration test framework which is based on attack trees in distributed environment. In FATPET, we first improve traditional attack tree language, then describe the design rationale of FATPET, and finally we propose the improvement to attack tool management. The case-study indicates that distributed attack trees are helpful and effective in penetration tests in distributed environment.

Victor Chang,Muthu Ramachandran

DOI: https://doi.org/10.1109/tsc.2015.2491281

IF: 11.019

2016-01-01

IEEE Transactions on Services Computing

Abstract:Offering real-time data security for petabytes of data is important for cloud computing. A recent survey on cloud security states that the security of users' data has the highest priority as well as concern. We believe this can only be able to achieve with an approach that is systematic, adoptable and well-structured. Therefore, this paper has developed a framework known as Cloud Computing Adoption Framework (CCAF) which has been customized for securing cloud data. This paper explains the overview, rationale and components in the CCAF to protect data security. CCAF is illustrated by the system design based on the requirements and the implementation demonstrated by the CCAF multi-layered security. Since our Data Center has 10 petabytes of data, there is a huge task to provide real-time protection and quarantine. We use Business Process Modeling Notation (BPMN) to simulate how data is in use. The use of BPMN simulation allows us to evaluate the chosen security performances before actual implementation. Results show that the time to take control of security breach can take between 50 and 125 hours. This means that additional security is required to ensure all data is well-protected in the crucial 125 hours. This paper has also demonstrated that CCAF multi-layered security can protect data in real-time and it has three layers of security: 1) firewall and access control; 2) identity management and intrusion prevention and 3) convergent encryption. To validate CCAF, this paper has undertaken two sets of ethical-hacking experiments involved with penetration testing with 10,000 trojans and viruses. The CCAF multi-layered security can block 9,919 viruses and trojans which can be destroyed in seconds and the remaining ones can be quarantined or isolated. The experiments show although the percentage of blocking can decrease for continuous injection of viruses and trojans, 97.43 percent of them can be quarantined. Our CCAF multi-layered security has an average of 20 percent better performance than the single-layered approach which could only block 7,438 viruses and trojans. CCAF can be more effective when combined with BPMN simulation to evaluate security process and penetrating testing results.

computer science, information systems, software engineering

Na Wu,Decheng Zuo,Zhan Zhang

DOI: https://doi.org/10.1145/3290420.3290476

2018-01-01

Abstract:A growing number of enterprises are beginning to adopt the microservice architecture to build their applications in clouds. The microservice architecture breakdowns the traditional development pattern of monolithic applications. The heterogeneity of the development technologies and the accelerated service component lifecycle provide both opportunity and challenge for building high-availability microservice-based applications. Because failures are inevitable in dynamic and complex cloud environments, it is necessary to test the fault tolerant capability of applications. To this end, we propose an extensible fault tolerance testing framework for microservice-based cloud applications based on the non-intrusive fault injection. Users can customize and execute test cases with the proposed framework to verify the manner and performance of the fault tolerance of the target service. We take a use case to show the fault tolerance testing process of the framework.

Jian Yang,Huanguo Zhang,Jianming Fu,Fan Yang

DOI: https://doi.org/10.1109/icciautom.2011.6184020

2013-01-01

Abstract:In essence, fuzzing is a kind of penetration testing by injecting fault to simulate the attacks. However, current fuzzings do not simulate the attacks in a real sense. They pay more attention to the injection of malformed semi-valid data at a single input point. Nevertheless, an attack is usually a set of cooperative aggressive behaviors at multi input points. In this paper, we present PCFuzzing, a penetration combinatorial fuzzing framework for the software in host environment by simulating attack trace at multi input points. Based on the attack attributes plug-in gained by means of static analysis in advance, PCFuzzing uses dynamic taint tracing to automatically find the input vector that influence values used at key program attack points (points where the program may contain an error), uses symbolic execution and constraint solving to identify the constraint boundary of every input in input vector and constraint relationship of the inputs in input vector, uses combinatorial testing strategies to generate and combine the malformed test case vector, and then injects the combinatorial test case vector to find security vulnerabilities in programs according to the attack strategies in the attack attributes plug-in. Our experimental results indicate that our PCFuzzing can not only effectively expose errors located deep within large applications, but also can avoid the combination explosion to a certain extent because taint tracer in framework uses dynamic taint tracing to reduce the number of inputs involved in the combination and constraint collector in framework uses symbolic execution and constraint solving to narrow the value ranges of input data.

Nicholas Springer,Wu-chang Feng

DOI: https://doi.org/10.48550/arXiv.2107.12566

2021-07-27

Abstract:Organizations have rapidly shifted infrastructure and applications over to public cloud computing services such as AWS (Amazon Web Services), Google Cloud Platform, and Azure. Unfortunately, such services have security models that are substantially different and more complex than traditional enterprise security models. As a result, misconfiguration errors in cloud deployments have led to dozens of well-publicized breaches. This paper describes Thunder CTF, a scaffolded, scenario-based CTF (Capture-the-Flag) for helping students learn about and practice cloud security skills. Thunder CTF is easily deployed at minimal cost and is highly extensible to allow for crowd-sourced development of new levels as security issues evolve in the cloud.

Cryptography and Security

Alim Ul Gias,Rayhanur Rahman,Asif Imran,Kazi Sakib

DOI: https://doi.org/10.48550/arXiv.1407.5610

2014-07-22

Abstract:Performance Testing is critical for applications like web services and e-commerce platforms to ensure enhanced end user experience. In such cases, starting to test the system's performance early should significantly reduce the overall development cost. Test-first Performance (TFP) is one such paradigm that allows performance testing right from the early stage of development. Given such potential benefit, this paper proposes the design of a testing framework IVRIDIO which introduces TFP as a Service (TFPaaS). IVRIDIO incorporates the Plugin for TFP in the Cloud (PTFPC) aiming to provide instant feedbacks - a prime requirement of TFP to immediately fix critical performance issues. Furthermore, the Convention over Configuration (CoC) design paradigm has been applied by introducing a configurable project template to maintain TFP test cases. The prototyping details of the framework are given and the variation of response time to the inclusion of PTFPC has also been discussed. The Summated Usability Metric (SUM) score has been provided so that it can later be used for comparing the PTFPC plugin's usability.

Software Engineering

Jerry Gao,Xiaoying Bai,Wei-Tek Tsai

2011-01-01

Abstract:Cloud computing not only changes the way of obtaining computing resources (such as computers, infrastructures, data storage, and application services), but also changes the way of managing and delivering computing services, technologies, and solutions. Cloud computing leads an opportunity in offering testing as a service (TaaS) for SaaS and clouds. Meanwhile, it causes new issues, challenges and needs in software testing, particular in testing clouds and cloud-based applications. This paper provides a comprehensive tutorial on cloud testing and cloud-based application testing. It answers the common questions raised by engineers and managers, and it provides clear concepts, discusses the special objectives, features, requirements, and needs in cloud testing. It offers a clear comparative view between web-based software testing and cloud-based application testing. In addition, it examines the major issues, challenges, and needs in testing cloud-based software applications. Furthermore, it also summarizes and compares different commercial products and solutions supporting cloud testing as services.

Junyi Wang,Xiaoying Bai,Haoran Ma,Linyi Li,Zhicheng Ji

DOI: https://doi.org/10.1109/ICSTW.2017.71

2017-01-01

Abstract:Following the Service-Oriented Architecture, Cloud services are exposed as Web APIs (Application Program Interface), which serve as the contracts between the service providers and service consumers. With increasing massive and broad applications of Cloud-based development, a large number of diversified APIs are emerging. Due to their wide impacts, any flaw in the cloud APIs may lead to serious consequences. API testing is thus necessary to ensure the availability, reliability, and stability of cloud services. The research proposed an approach to automating API testing following the model-driven architecture, so that services can be continuously fetched, analyzed and validated. A prototype system ATcloud was constructed to illustrate the process of API understanding, test scenario modeling using directed graph annotated with transfer probabilities between operations, cloud-based test resources management, distributed workload simulation, and performance monitoring.

Jing Chen,Chunxiao Wang,Fei Liu,Yinglong Wang

DOI: https://doi.org/10.1109/cbd.2017.23

2017-08-01

Abstract:In a traditional process of software testing, an user have to buy servers and test tools to set up various test environment artificially, which causes high-cost, long test time and difficult test implements with limited resource. Cloud computing integrates a large number of physical resources into a pool and realizes the virtualization of various resources based on virtualization techniques. Users can achieve various virtual resources on demand from cloud platform without any investment on infrastructures. This offers a new solution to the problems in traditional software testing. So this paper proposes a multi-layer model of a software online testing platform based on cloud computing and implements the test platform. This test platform that include IaaS and SaaS platforms, self-help service and operation maintenance portals realizes automatic creation of test environments, remote use of test tools and online test services. Users can get various test services on demand only logging in to this platform at anytime and anywhere, which has the advantage of low test cost and high efficiency. In addition, this platform is also tested in terms of resource provision time and load variation, which shows the ability of this platform to satisfy users' resource demands.