Please wait a minute...
Advanced Search
现代图书情报技术  2012, Vol. Issue (11): 22-33     https://doi.org/10.11925/infotech.1003-3513.2012.11.05
  专题 本期目录 | 过刊浏览 | 高级检索 |
公有云应用中测试的安全问题
Udhyan Timilsina1, Leah Riungu-Kalliosaari2, Ossi Taipale2, Kari Smolander2, 王伟军3
1. 莱博智科技有限公司 坦佩雷 33100;
2. 拉普兰塔理工大学软件工程实验室 拉普兰塔 53400;
3. 华中师范大学信息管理学院 武汉 430079
Security Issues on Testing of Public Cloud Applications
Udhyan Timilsina1, Leah Riungu-Kalliosaari2, Ossi Taipale2, Kari Smolander2, Wang Weijun3
1. Lionbridge Technologies Inc., Tampere 33100, Finland;
2. Software Engineering Laboratory, Lappeenranta University of Technology, Lappeenranta 53400, Finland;
3. School of Information Management, Central China Normal University, Wuhan 430079, China
全文: PDF (720 KB)   HTML  
输出: BibTeX | EndNote (RIS)      
摘要 本研究旨在探讨云测试的安全问题。虽然越来越多的企业开始向云环境迈进并共享信息,但他们同样十分关注云环境的安全问题和可能存在的风险。综述测试过程中安全保障方法的现有概念,在此基础上重点归纳和分析公共云测试中的信任、治理、承诺、认证与访问管理、可用性、数据安全、隔离及失败、架构这8类安全问题的风险程度,并对典型的公共云服务提供商在这8类安全问题上所采取的安全策略进行实证分析。
服务
把本文推荐给朋友
加入引用管理器
E-mail Alert
RSS
作者相关文章
Ossi Taipale
Kari Smolander
王伟军
Udhyan Timilsina
Leah Riungu-Kalliosaari
关键词 云计算软件测试安全问题公有云实证分析    
Abstract:The objective of this study is to evaluate security issues of cloud testing. Organizations are increasingly moving to the cloud and sharing their information, but there are concerns about security issues and risks that may arise due to security breaches. This paper extends the concept of security approach during testing. It makes use of a literature review to evaluate the risk of eight security issues when testing in public clouds. The security issues including trust, governance, compliance, identity and access management, availability, data security, instance isolation and its failures, and architecture in testing on a public cloud. The paper also includes an empirical survey to evaluate the current security strategies of different public cloud providers on the eight security issues.
Key wordsCloud computing    Testing    Security issues    Public cloud    Survey
收稿日期: 2012-07-03      出版日期: 2013-02-06
:  TP393  
基金资助:本文系湖北省自然科学基金项目“基于云计算的知识集成与服务研究”(项目编号:2011CDA116)和芬兰科技创新基金项目“云计算环境下面向质量预期的软件测试及开发研究”(项目编号:TEKES 344/31/2011)的研究成果之一。
通讯作者: 王伟军     E-mail: wangwj@mail.ccnu.edu.cn
引用本文:   
Udhyan Timilsina, Leah Riungu-Kalliosaari, Ossi Taipale, Kari Smolander, 王伟军. 公有云应用中测试的安全问题[J]. 现代图书情报技术, 2012, (11): 22-33.
Udhyan Timilsina, Leah Riungu-Kalliosaari, Ossi Taipale, Kari Smolander, Wang Weijun. Security Issues on Testing of Public Cloud Applications. New Technology of Library and Information Service, 2012, (11): 22-33.
链接本文:  
https://manu44.magtech.com.cn/Jwk_infotech_wk3/CN/10.11925/infotech.1003-3513.2012.11.05      或      https://manu44.magtech.com.cn/Jwk_infotech_wk3/CN/Y2012/V/I11/22
[1] Weiss A. Computing in the Clouds[J]. ACM Networker,2007,114):16-25.
[2] Subashini S, avitha V. A Survey on Security Issues in Service Delivery Models of Cloud Computing[J].Journal of Network and Computer Applications,2011,341):1-11.
[3] Clavister. Security in the Cloud[EB/OL].[2012-03-01]. http://www.itwire.nu/members/cla69/attachments/CLA_WP_SECURITY_IN_THE_CLOUD.pdf.
[4][JP3]Moyle E,elley D. Cloud Security: Understand the Risks Before You Make the Move[EB/OL].[2012-03-06]. http://i.cmpnet.com/darkreading/cloudsecurity/[JP]S2760411_DR_secure_cloud.pdf.[JP]
[5][JP3]Anantha B.Testing Cloud and Testing Using Cloud[EB/OL].[2012-03-08]. http://www.sonatasoftware.com/export/sites/Sonata/sonata_[JP]en/innovation/resources/articles/pdfs/Cloud_Testing.pdf.[JP]
[6] Prakash N.Cloud Testing: Attracting Demand[EB/OL].[2012-03-05]. http://www.expresscomputeronline.com/20100201/trend01.shtml.
[7] AppLabs. Cloud Testing- Determine What Fit Best with the Cloud[EB/OL].[2012-03-19]. http://www.applabs.com/ap-private/pdf-download/11967%3Fnid%3D19167%2526Print%3Dpdf.
[8] MacVittie L.Cloud Testing: The Next Generation[EB/OL].[2012-02-10]. http://www.networkworld.com/news/tech/2011/020911-cloud-testing.html.
[9] Naryanan C.Cloud Testing-Ensuring QOS[EB/OL].[2012-02-10]. http://www.iqnite-conferences.com/de/Programm/abstracts/narayanan_ab.pdf.
[10] Cochran M, Witman P.Governance and Service Level Agreement Issues in a Cloud Computing Environment[J]. Journal of Information Technology Management, 2011,222):41-55.
[11] CSA, Cloud Security Alliance. Top Threats to Cloud Computing[EB/OL].[2012-02-20]. http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf.
[12] Roodenrijs E.Testing on the Cloud[EB/OL].[2012-03-25]. http://sogeti.com/upload/Curious%20about%20us/Documents/PoV%20-%20A%20Sogeti%20Test%20Cloud_v1%200.pdf.
[13] Cloud Computing Security Challenges[A].//rutz R L, Vines R D.Cloud Security: A Comprehensive Guide to Secure Cloud Computing[M]. New York City: John Wiley & Sons,2010:153-173.
[14] Nag S.Business Case for Cloud Based Testing[EB/OL].[2011-12-10].http://www.bsil.com/Resource-Center-%281%29/White-Papers/02-Business-Case-for-Cloud-based-Testing-pdf.aspx.
[15] Armbrust M, Fox A, Griffith R,et al.Above the Clouds: A Berkeley View of Cloud Computing[EB/OL].[2011-12-15]. http://x-integrate.de/x-in-cms.nsf/id/DE_Von_Regenmachern_und_Wolkenbruechen_-_Impact_2009_Nachlese/$file/abovetheclouds.pdf.
[16][JP2]issis D, Lekkas D. Addressing Cloud Computing Security Issues[J]. Future Generation Computer Systems,2012,283):583-592.[JP]
[17] CSA. Security Guidance for Critical Areas of Focus in Cloud ComputingV2.1)[EB/OL].[2011-09-10]. https://cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf.
[18] Jansen W, Grance T. Guidelines on Security and Privacy in Public Cloud Computing[EB/OL].[2012-04-02]. http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf.
[19][JP2]Proctor P E. Compliance ey Initiative Overview[EB/OL].[2012-03-15]. http://www.gartner.com/resources/214700/214765/compliance_key_initiative_ov_214765.pdf.[JP]
[20] Dokras S, Hartman B, Mathers T, et al. The Role of Security in Trustworthy Cloud Computing[EB/OL].[2012-03-10]. http://www.emc.com/collateral/about/investor relations/9921_CLOUD_WP_0209_lowres.pdf.
[21] Almulla S A, Chan Y.Cloud Computing Security Management[C]. In:Proceedings of the 2nd International Conference on Engineering Systems Management and Its Applications ICESMA).2010:1-7.
[22] Chow R, Golle P, Jakobsson M,et al. Controlling Data in the Cloud: Outsourcing Computation Without Outsourcing Control[C]. In:Proceedings of the 2009 ACM Workshop on Cloud Computing Security CCSW ’09).2009:85-90.
[23] etter.FBI Defends Disruptive Raids on Texas Data Centers[EB/OL].[2012-03-19]. http://www.wired.com/threatlevel/2009/04/data-centers-ra/.
[24] Garfinkel S L.An Evaluation of Amazon’s Grid Computing Services: EC2, S3[OL].[2011-11-18].http://www.ece.rutgers.edu/~parashar/Classes/07-08/ece572/readings/sgarfinkel-08-07.pdf.
[25] Reese G. Cloud Application Architectures[M]. The 1st Edition.Sebastopol,CA:O’Reilly Media,2009:2-4,99-118.
[26] Wang C, Wang Q, Ren, et al. Ensuring Data Storage Security in Cloud Computing[C]. In:Proceedings of the 17th International Workshop on Quality of ServiceIWQoS).2009:1-9.
[27] Raju R P B, Swarna R P, Rao S M.Privacy and Security issues of Cloud Computing[J]. International Journal of Advanced Research in Technology, 2011,12):128-136.
[28] Goodin D.Webhost Hack Wipes Out Data for 100,000 Sites[EB/OL].[2012-03-18]. http://www.theregister.co.uk/2009/06/08/webhost_attack/.
[29] Higgins J. NC State, IBM Researchers Create "Stealth" Hypervisor Security Tool will Ultimately be Offered as Open Source[OL].[2012-03-20]. http://www.darkreading.com/database-security/167901020/security/application-security/227500269/nc-state-ibm-researchers-create-stealth-hypervisor-security-tool.html.
[30] Lumely A R.Cyber Security and Privacy in Cloud Computing: Multidisciplinary Research Problems in Business[EB/OL].[2012-03-28]. http://www.cspri.seas.gwu.edu/Publications,%20Papers,%20and%20Research/CloudComputing_Lumley.pdf.
[31] ENSIA, European Network and Information Security Agency. Cloud Computing: Benefits, Risks and Recommendations for Information Security[EB/OL].[2012-03-25]. http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment.
[32] Rosen G.State of Cloud-January 2011[EB/OL].[2012-02-12]. http://www.jackofallclouds.com/2011/01/state-of-the-cloud-january-201/.
[1] 高长元, 于建萍, 何晓燕. 基于改进粒子群算法的云计算产业联盟知识搜索算法研究*[J]. 数据分析与知识发现, 2017, 1(3): 81-89.
[2] 颜时彦, 王胜清, 罗云川, 黄浩军. 云环境下基于FCA的领域本体协作构建模式初探[J]. 现代图书情报技术, 2014, 30(3): 49-56.
[3] 肖强, 朱庆华, 郑华, 吴克文. Hadoop环境下的分布式协同过滤算法设计与实现[J]. 现代图书情报技术, 2013, 29(1): 83-89.
[4] 王伟军, 姜毅, 刘蕤, Kari Smolander. 云计算环境下软件测试研究进展[J]. 现代图书情报技术, 2012, (11): 3-9.
[5] 姜毅, 曹丽, 王伟军, Ossi Taipale. “测试即服务”概念模型研究[J]. 现代图书情报技术, 2012, (11): 10-15.
[6] 张一弛, 熊湘文, 黄雅文, 王世雄. 云计算环境下测试数据的界定与管理[J]. 现代图书情报技术, 2012, (11): 16-21.
[7] 王家兵. 利用Arduino及Android终端的图书馆机房远程监控系统研发[J]. 现代图书情报技术, 2012, (10): 89-92.
[8] 马少兵, 马自卫. 数字图书馆私有云平台的构建研究和应用开发[J]. 现代图书情报技术, 2011, 27(4): 9-16.
[9] 张兴旺, 李晨晖, 秦晓珠. 云计算环境下大规模数据处理的研究与初步实现[J]. 现代图书情报技术, 2011, 27(4): 17-23.
[10] 沈奎林, 杜瑾. 基于VMware vSphere虚拟化技术构建图书馆云服务平台初探[J]. 现代图书情报技术, 2011, 27(10): 74-78.
[11] 赵华茗. 搭建基于云计算的开源海量数据挖掘平台[J]. 现代图书情报技术, 2010, 26(10): 76-81.
[12] 赵华茗,李春旺,李宇,周强. 云计算及其应用的开源实现研究[J]. 现代图书情报技术, 2009, (9): 1-6.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
版权所有 © 2015 《数据分析与知识发现》编辑部
地址:北京市海淀区中关村北四环西路33号 邮编:100190
电话/传真:(010)82626611-6626,82624938
E-mail:jishu@mail.las.ac.cn