Security Issues on Testing of Public Cloud Applications
Udhyan Timilsina¹, Leah Riungu-Kalliosaari², Ossi Taipale², Kari Smolander², Wang Weijun³
1. Lionbridge Technologies Inc., Tampere 33100, Finland; 2. Software Engineering Laboratory, Lappeenranta University of Technology, Lappeenranta 53400, Finland; 3. School of Information Management, Central China Normal University, Wuhan 430079, China
Abstract: The objective of this study is to evaluate the security issues of cloud testing. Organizations are increasingly moving to the cloud and sharing their information, but there are concerns about the security issues and risks that may arise from security breaches. This paper extends the concept of a security approach during testing. It uses a literature review to evaluate the risk of eight security issues when testing in public clouds: trust, governance, compliance, identity and access management, availability, data security, instance isolation and its failures, and architecture. The paper also includes an empirical survey that evaluates the current security strategies of different public cloud providers on these eight security issues.
Udhyan Timilsina, Leah Riungu-Kalliosaari, Ossi Taipale, Kari Smolander, Wang Weijun. Security Issues on Testing of Public Cloud Applications. New Technology of Library and Information Service, 2012, (11): 22-33.