2021
DOI: 10.1109/tse.2019.2954871
|View full text |Cite
|
Sign up to set email alerts
|

A Chaos Engineering System for Live Analysis and Falsification of Exception-Handling in the JVM

Abstract: Software systems contain resilience code to handle those failures and unexpected events happening in production. It is essential for developers to understand and assess the resilience of their systems. Chaos engineering is a technology that aims at assessing resilience and uncovering weaknesses by actively injecting perturbations in production. In this paper, we propose a novel design and implementation of a chaos engineering system in Java called CHAOSMACHINE. It provides a unique and actionable analysis on e… Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
18
0

Year Published

2022
2022
2024
2024

Publication Types

Select...
4
1
1

Relationship

0
6

Authors

Journals

citations
Cited by 23 publications
(18 citation statements)
references
References 33 publications
0
18
0
Order By: Relevance
“…terraform apply. Furthermore, this feature internally uses GraphViz 10 and Dot 11 , which are popularly used for graph visualization and expression language respectively. Attack graphs can also be constructed for cloud infrastructure orchestrated using other tools by discovering the infrastructure Terraform resource discovery feature 12 .…”
Section: ) Attack Graphsmentioning
confidence: 99%
See 1 more Smart Citation
“…terraform apply. Furthermore, this feature internally uses GraphViz 10 and Dot 11 , which are popularly used for graph visualization and expression language respectively. Attack graphs can also be constructed for cloud infrastructure orchestrated using other tools by discovering the infrastructure Terraform resource discovery feature 12 .…”
Section: ) Attack Graphsmentioning
confidence: 99%
“…Our fault injection strategies leverage the API connecting cloud customers and cloud services and focus on security faults. Zhang et'al [10] proposed ChaosMachine, a system for live analysis and falsification of exceptionhandling in the JVM. ChaosMachine employs bytecode instrumentation and remote control of fine-grained fault injection to detect resilience weaknesses in try-catch-exemption handling.…”
Section: Related Workmentioning
confidence: 99%
“…The Cloud Storage Enumeration Attack is comparable to brute force password guessing attacks e.g. CVE-2012-3137 9 .…”
Section: B Security Risk Metricsmentioning
confidence: 99%
“…Essentially, our failure scope encapsulates the impact of security failures against cloud assets. We based our 8 this is a vector string representation of all computed metrics for a vulnerability 9 https://nvd.nist.gov/vuln/detail/CVE-2012-3137 selectRandomBucket ← getCloudBuckets() select a random bucket from the set of enumerated buckets 4: disableBucketLogging() stop all logging activities against the bucket 5: end procedure fault models on the CSA cloud penetration test playbook [22], which categorizes public IaaS into three domains for security testing: (1) application, data, business logic, (2) cloud service and (3) cloud account. However, we focus on the latter two domains: cloud account security and cloud service security which directly map to the cloud IAM and cloud storage respectively.…”
Section: Fault Modelsmentioning
confidence: 99%
See 1 more Smart Citation