VULCAN: Vulnerability Assessment Framework for Cloud Computing

Kamongi, Patrick; Kotikela, Srujan; Kavi, Krishna M.; Gomathisankaran, Mahadevan; Singhal, Anoop

doi:10.1109/sere.2013.31

Cited by 31 publications

(21 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security provided by various CSPs can be evaluated by different methods like security level agreements, generating knowledge bases to assess threats confronted by Cloud assets, or developing security service‐level agreements and individually analyzing the trust of different Cloud providers . These methods are able to identify the security threats and their countermeasures present on a CSP, but do not answer how relevant they will be to a particular client's application.…”

Section: Proposed Cloud Migration Frameworkmentioning

confidence: 99%

Analysis of a cloud migration framework for offline risk assessment of cloud service providers

Sen

Madria

2020

Softw Pract Exp

View full text Add to dashboard Cite

Generic notions of security on cloud platforms make clients apprehensive about fully migrating their applications on these platforms. The challenge lies in the capability of personalizing the security assessments of different cloud service providers from the perspective of the security requirements of the client applications to be hosted on them. This challenge was addressed by the previously proposed offline risk assessment framework for cloud service providers. This article presents a comprehensive analysis of a cloud migration framework that has been designed by adapting the novel security assessment principles of the offline risk assessment framework. The migration strategy has been modeled as a multiobjective optimization problem to further study the performance of numerous evolutionary algorithms in designing various cloud migration scenarios. The overall effectiveness of the proposed framework has been examined using a use-case application scenario and semisynthetic cloud service providers. K E Y W O R D Scloud migration, cloud security, genetic algorithm, multiobjective optimization, risk assessment, sensitivity analysis 1 998

show abstract

Section: Proposed Cloud Migration Frameworkmentioning

confidence: 99%

Analysis of a cloud migration framework for offline risk assessment of cloud service providers

Sen

Madria

2020

Softw Pract Exp

View full text Add to dashboard Cite

show abstract

“…Similarly, [62] presents a model built to conduct penetration testing of cloud computing system vulnerabilities, including the platform and infrastructure, and [87] presents a model for conducting penetration testing of desktop applications and targets the most common desktop application vulnerabilities. These findings show that each technology is unique, which requires the construction of a specific model to conduct penetration testing.…”

Section: Rq3: What Are Models Are Available For Penetration Testing and How Can We Classify Them?mentioning

confidence: 99%

Systematic Literature Review on Penetration Testing for Mobile Cloud Computing Applications

et al. 2019

View full text Add to dashboard Cite

Mobile cloud computing (MCC) enables mobile devices to exploit seamless cloud services via offloading, and has numerous advantages and increased security and complexity. Penetration testing of mobile applications has become more complex and expensive due to several parameters, such as the platform, device heterogeneity, context event types, and offloading. Numerous studies have been published in the MCC domain, whereas few studies have addressed the common issues and challenges of MCC testing. However, current studies do not address MCC and penetration testing. Therefore, revisiting MCC and penetration testing domains is essential to overcoming the inherent complexity and reducing costs. Motivated by the importance of revisiting these domains, this paper pursues two objectives: to provide a comprehensive systematic literature review (SLR) of the MCC, security and penetration testing domains and to establish the requirements for penetration testing of MCC applications. This paper has systematically reviewed previous penetration testing models and techniques based on the requirements in Kitchenham's SLR guidelines. The SLR outcome has indicated the following deficiencies: the offloading parameter is disregarded; studies that address mobile, cloud, and web vulnerabilities are lacking; and a MCC application penetration testing model has not been addressed by current studies. In particular, offloading and mobile state management are two new and vital requirements that have not been addressed to reveal hidden security vulnerabilities, facilitate mutual trust, and enable developers to build more secure MCC applications. Beneficial review results that can contribute to future research are presented.INDEX TERMS Mobile cloud computing, penetration testing, offloading, mobile testing, cloud testing.

show abstract

“…They ran a penetration test against the snapshot using a cluster of three different memory size Ubuntu VMs. An automated risk assessment framework (Nemesis) is presented in [38], involving vulnerability assessment by using their previous work [39]. To evaluate their approach, a cloud environment and its services are designed using OpenStack, applying the framework on 10 IT products.…”

Section: ) Mobile Testingmentioning

confidence: 99%

“…First they aim to determine the vulnerabilities of Ubuntu Server with the OpenStack node; second they aim to determine the vulnerabilities of cloud instances with different operating systems. A prototype framework for vulnerability assessment in cloud systems is presented in [39] and [41], with one example about developing an automated process for their proposed approach. Security validation as a service is presented in [42], with two hosts providing the proposed service to two midsize business processes, repeating the requests every 15 minutes for security validation.…”

Section: ) Mobile Testingmentioning

confidence: 99%

A Systematic Mapping Study of Empirical Studies on Software Cloud Testing Methods

Ahmad

Brereton

András

2017

2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C)

View full text Add to dashboard Cite

Abstract-Context: Software has become more complicated, dynamic, and asynchronous than ever, making testing more challenging. With the increasing interest in the development of cloud computing, and increasing demand for cloud-based services, it has become essential to systematically review the research in the area of software testing in the context of cloud environments. Objective: The purpose of this systematic mapping study is to provide an overview of the empirical research in the area of software cloud-based testing, in order to build a classification scheme. We investigate functional and non-functional testing methods, the application of these methods, and the purpose of testing using these methods. Method: We searched for electronically available papers in order to find relevant literature and to extract and analyze data about the methods used. Result: We identified 69 primary studies reported in 75 research papers published in academic journals, conferences, and edited books. Conclusion: We found that only a minority of the studies combine rigorous statistical analysis with quantitative results. The majority of the considered studies present early results, using a single experiment to evaluate their proposed solution.

show abstract

VULCAN: Vulnerability Assessment Framework for Cloud Computing

Cited by 31 publications

References 8 publications

Analysis of a cloud migration framework for offline risk assessment of cloud service providers

Analysis of a cloud migration framework for offline risk assessment of cloud service providers

Systematic Literature Review on Penetration Testing for Mobile Cloud Computing Applications

A Systematic Mapping Study of Empirical Studies on Software Cloud Testing Methods

Contact Info

Product

Resources

About