Please wait a minute...
New Technology of Library and Information Service  2012, Vol. Issue (11): 22-33    DOI: 10.11925/infotech.1003-3513.2012.11.05
Current Issue | Archive | Adv Search |
Security Issues on Testing of Public Cloud Applications
Udhyan Timilsina1, Leah Riungu-Kalliosaari2, Ossi Taipale2, Kari Smolander2, Wang Weijun3
1. Lionbridge Technologies Inc., Tampere 33100, Finland;
2. Software Engineering Laboratory, Lappeenranta University of Technology, Lappeenranta 53400, Finland;
3. School of Information Management, Central China Normal University, Wuhan 430079, China
Download: PDF(720 KB)   HTML  
Export: BibTeX | EndNote (RIS)      
Abstract  The objective of this study is to evaluate security issues of cloud testing. Organizations are increasingly moving to the cloud and sharing their information, but there are concerns about security issues and risks that may arise due to security breaches. This paper extends the concept of security approach during testing. It makes use of a literature review to evaluate the risk of eight security issues when testing in public clouds. The security issues including trust, governance, compliance, identity and access management, availability, data security, instance isolation and its failures, and architecture in testing on a public cloud. The paper also includes an empirical survey to evaluate the current security strategies of different public cloud providers on the eight security issues.
Key wordsCloud computing      Testing      Security issues      Public cloud      Survey     
Received: 03 July 2012      Published: 06 February 2013
:  TP393  

Cite this article:

Udhyan Timilsina, Leah Riungu-Kalliosaari, Ossi Taipale, Kari Smolander, Wang Weijun. Security Issues on Testing of Public Cloud Applications. New Technology of Library and Information Service, 2012, (11): 22-33.

URL:

http://manu44.magtech.com.cn/Jwk_infotech_wk3/EN/10.11925/infotech.1003-3513.2012.11.05     OR     http://manu44.magtech.com.cn/Jwk_infotech_wk3/EN/Y2012/V/I11/22

[1] Weiss A. Computing in the Clouds[J]. ACM Networker,2007,114):16-25.
[2] Subashini S, avitha V. A Survey on Security Issues in Service Delivery Models of Cloud Computing[J].Journal of Network and Computer Applications,2011,341):1-11.
[3] Clavister. Security in the Cloud[EB/OL].[2012-03-01]. http://www.itwire.nu/members/cla69/attachments/CLA_WP_SECURITY_IN_THE_CLOUD.pdf.
[4][JP3]Moyle E,elley D. Cloud Security: Understand the Risks Before You Make the Move[EB/OL].[2012-03-06]. http://i.cmpnet.com/darkreading/cloudsecurity/[JP]S2760411_DR_secure_cloud.pdf.[JP]
[5][JP3]Anantha B.Testing Cloud and Testing Using Cloud[EB/OL].[2012-03-08]. http://www.sonatasoftware.com/export/sites/Sonata/sonata_[JP]en/innovation/resources/articles/pdfs/Cloud_Testing.pdf.[JP]
[6] Prakash N.Cloud Testing: Attracting Demand[EB/OL].[2012-03-05]. http://www.expresscomputeronline.com/20100201/trend01.shtml.
[7] AppLabs. Cloud Testing- Determine What Fit Best with the Cloud[EB/OL].[2012-03-19]. http://www.applabs.com/ap-private/pdf-download/11967%3Fnid%3D19167%2526Print%3Dpdf.
[8] MacVittie L.Cloud Testing: The Next Generation[EB/OL].[2012-02-10]. http://www.networkworld.com/news/tech/2011/020911-cloud-testing.html.
[9] Naryanan C.Cloud Testing-Ensuring QOS[EB/OL].[2012-02-10]. http://www.iqnite-conferences.com/de/Programm/abstracts/narayanan_ab.pdf.
[10] Cochran M, Witman P.Governance and Service Level Agreement Issues in a Cloud Computing Environment[J]. Journal of Information Technology Management, 2011,222):41-55.
[11] CSA, Cloud Security Alliance. Top Threats to Cloud Computing[EB/OL].[2012-02-20]. http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf.
[12] Roodenrijs E.Testing on the Cloud[EB/OL].[2012-03-25]. http://sogeti.com/upload/Curious%20about%20us/Documents/PoV%20-%20A%20Sogeti%20Test%20Cloud_v1%200.pdf.
[13] Cloud Computing Security Challenges[A].//rutz R L, Vines R D.Cloud Security: A Comprehensive Guide to Secure Cloud Computing[M]. New York City: John Wiley & Sons,2010:153-173.
[14] Nag S.Business Case for Cloud Based Testing[EB/OL].[2011-12-10].http://www.bsil.com/Resource-Center-%281%29/White-Papers/02-Business-Case-for-Cloud-based-Testing-pdf.aspx.
[15] Armbrust M, Fox A, Griffith R,et al.Above the Clouds: A Berkeley View of Cloud Computing[EB/OL].[2011-12-15]. http://x-integrate.de/x-in-cms.nsf/id/DE_Von_Regenmachern_und_Wolkenbruechen_-_Impact_2009_Nachlese/$file/abovetheclouds.pdf.
[16][JP2]issis D, Lekkas D. Addressing Cloud Computing Security Issues[J]. Future Generation Computer Systems,2012,283):583-592.[JP]
[17] CSA. Security Guidance for Critical Areas of Focus in Cloud ComputingV2.1)[EB/OL].[2011-09-10]. https://cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf.
[18] Jansen W, Grance T. Guidelines on Security and Privacy in Public Cloud Computing[EB/OL].[2012-04-02]. http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf.
[19][JP2]Proctor P E. Compliance ey Initiative Overview[EB/OL].[2012-03-15]. http://www.gartner.com/resources/214700/214765/compliance_key_initiative_ov_214765.pdf.[JP]
[20] Dokras S, Hartman B, Mathers T, et al. The Role of Security in Trustworthy Cloud Computing[EB/OL].[2012-03-10]. http://www.emc.com/collateral/about/investor relations/9921_CLOUD_WP_0209_lowres.pdf.
[21] Almulla S A, Chan Y.Cloud Computing Security Management[C]. In:Proceedings of the 2nd International Conference on Engineering Systems Management and Its Applications ICESMA).2010:1-7.
[22] Chow R, Golle P, Jakobsson M,et al. Controlling Data in the Cloud: Outsourcing Computation Without Outsourcing Control[C]. In:Proceedings of the 2009 ACM Workshop on Cloud Computing Security CCSW ’09).2009:85-90.
[23] etter.FBI Defends Disruptive Raids on Texas Data Centers[EB/OL].[2012-03-19]. http://www.wired.com/threatlevel/2009/04/data-centers-ra/.
[24] Garfinkel S L.An Evaluation of Amazon’s Grid Computing Services: EC2, S3[OL].[2011-11-18].http://www.ece.rutgers.edu/~parashar/Classes/07-08/ece572/readings/sgarfinkel-08-07.pdf.
[25] Reese G. Cloud Application Architectures[M]. The 1st Edition.Sebastopol,CA:O’Reilly Media,2009:2-4,99-118.
[26] Wang C, Wang Q, Ren, et al. Ensuring Data Storage Security in Cloud Computing[C]. In:Proceedings of the 17th International Workshop on Quality of ServiceIWQoS).2009:1-9.
[27] Raju R P B, Swarna R P, Rao S M.Privacy and Security issues of Cloud Computing[J]. International Journal of Advanced Research in Technology, 2011,12):128-136.
[28] Goodin D.Webhost Hack Wipes Out Data for 100,000 Sites[EB/OL].[2012-03-18]. http://www.theregister.co.uk/2009/06/08/webhost_attack/.
[29] Higgins J. NC State, IBM Researchers Create "Stealth" Hypervisor Security Tool will Ultimately be Offered as Open Source[OL].[2012-03-20]. http://www.darkreading.com/database-security/167901020/security/application-security/227500269/nc-state-ibm-researchers-create-stealth-hypervisor-security-tool.html.
[30] Lumely A R.Cyber Security and Privacy in Cloud Computing: Multidisciplinary Research Problems in Business[EB/OL].[2012-03-28]. http://www.cspri.seas.gwu.edu/Publications,%20Papers,%20and%20Research/CloudComputing_Lumley.pdf.
[31] ENSIA, European Network and Information Security Agency. Cloud Computing: Benefits, Risks and Recommendations for Information Security[EB/OL].[2012-03-25]. http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment.
[32] Rosen G.State of Cloud-January 2011[EB/OL].[2012-02-12]. http://www.jackofallclouds.com/2011/01/state-of-the-cloud-january-201/.
[1] Wengang Feng,Jing Huang. Early Warning for Civil Aviation Security Checks Based on Deep Learning[J]. 数据分析与知识发现, 2018, 2(10): 46-53.
[2] Changyuan Gao,Jianping Yu,Xiaoyan He. Knowledge Search for Cloud Computing Industry Alliance: An Algorithm Based on Improved Particle Swarm Optimization[J]. 数据分析与知识发现, 2017, 1(3): 81-89.
[3] Zhang Zhixiong, Zhang Shanshan, Ku Liping, Li Lin. Survey and Analysis on Cognition and Using of arXiv for China Mainland Researchers[J]. 现代图书情报技术, 2014, 30(7): 1-8.
[4] Yan Shiyan, Wang Shengqing, Luo Yunchuan, Huang Haojun. An Ontology Collaborative Construction Model Based on FCA in Cloud Computing Environment[J]. 现代图书情报技术, 2014, 30(3): 49-56.
[5] Song Haiyan, Shao Chengjin, Ku Liping, Zhang Dongrong, Pan Wei, Huang Wenli, Jiang Lili, Chen Tiantian, Zhang Hao. Survey and Analysis on Cognition and Using of Institutional Repository for China Mainland Researchers[J]. 现代图书情报技术, 2014, 30(2): 8-16.
[6] Xiao Qiang, Zhu Qinghua, Zheng Hua, Wu Kewen. Design and Implementation of Distributed Collaborative Filtering Algorithm on Hadoop[J]. 现代图书情报技术, 2013, 29(1): 83-89.
[7] Wang Weijun, Jiang Yi, Liu Rui, Kari Smolander. Research Progress in Software Testing on Cloud Computing[J]. 现代图书情报技术, 2012, (11): 3-9.
[8] Jiang Yi, Cao Li, Wang Weijun, Ossi Taipale. Research on the Concept Model of Testing as a Service[J]. 现代图书情报技术, 2012, (11): 10-15.
[9] Zhang Yichi, Xiong Xiangwen, Huang Yawen, Wang Shixiong. Definition and Management of Test Data on Cloud Computing[J]. 现代图书情报技术, 2012, (11): 16-21.
[10] Cao Li, Jiang Yi, Gan Chunmei, Zhang Yichi, Chen Guiqiang. Construction of Software Testing Platform on Cloud Computing[J]. 现代图书情报技术, 2012, (11): 34-39.
[11] Wang Jiabing. Developing a Remote Monitoring System for Library Computer Room Using Arduino and Android Terminal[J]. 现代图书情报技术, 2012, (10): 89-92.
[12] Huang Xiaobin, Qiu Minghui. A Review of Remote Usability Evaluation and Its Application on Usability Evaluation of Digital Library[J]. 现代图书情报技术, 2012, 28(1): 1-6.
[13] Ma Shaobing, Ma Ziwei. Construction of Digital Library Private Cloud Platform and Application Development[J]. 现代图书情报技术, 2011, 27(4): 9-16.
[14] Zhang Xingwang, Li Chenhui, Qin Xiaozhu. Research and Initial Implementation of Large-scale Data Processing Based on Cloud Computing[J]. 现代图书情报技术, 2011, 27(4): 17-23.
[15] Shen Kuilin, Du Jin. Preliminary Study on Using VMware vSphere Virtualization Technology to Build Cloud Services Platform of Library[J]. 现代图书情报技术, 2011, 27(10): 74-78.
  Copyright © 2016 Data Analysis and Knowledge Discovery   Tel/Fax:(010)82626611-6626,82624938   E-mail:jishu@mail.las.ac.cn