Title :
Risk-Based Security Testing in Cloud Computing Environments
Author_Institution :
Inst. of Comput. Sci., Univ. of Innsbruck Innsbruck, Innsbruck, Austria
Abstract :
Assuring the security of a software system in terms of testing nowadays still is a quite tricky task to conduct. Security requirements are taken as a foundation to derive tests to be executed against a system under test. Yet, these positive requirements by far do not cover all the relevant security aspects to be considered. Hence, especially in the event of security testing, negative requirements, derived from risk analysis, are vital to be incorporated. If considering today´s emerging trend in the adoption of cloud computing, security testing even has a more important significance. Due to a cloud´s openness, in theory there exists an infinite number of tests. Hence, a concise technique to incorporate the results of risk analysis in security testing is inevitable. We therefore propose a new model-driven methodology for the security testing of cloud environments, ingesting misuse cases, defined by negative requirements derived from risk analysis.
Keywords :
cloud computing; program testing; program verification; security of data; cloud computing; model-driven methodology; risk analysis; risk-based security testing; software system security; Adaptation model; Analytical models; Computational modeling; Risk analysis; Security; Testing; Unified modeling language; Cloud Computing; Model–Driven Testing; Security Testing;
Conference_Titel :
Software Testing, Verification and Validation (ICST), 2011 IEEE Fourth International Conference on
Conference_Location :
Berlin
Print_ISBN :
978-1-61284-174-8
Electronic_ISBN :
978-0-7695-4342-0
DOI :
10.1109/ICST.2011.23
