ESCUDO-CLOUD developed an innovative approach to conduct testing over the security lifecycle (see figure) of Cloud systems (e.g., OpenStack, Amazon EC2) by ascertaining the compliance of security Service Level Objectives (SLOs).
The approach, termed C’Mon, developed a compliance monitoring framework (see figure) via the direct and indirect monitoring of Cloud services.
Additionally, Cloud services typically entail concurrent processes and multi-threaded software with characteristic non-deterministic execution behavior. Consequently, the classical testing techniques that are build around deterministic single-threaded behavior need to be extended. ESCUDO-CLOUD developed approaches spanning experimental (termed Invariant Propagation Analysis) and formal (Iterative Relaxed Scheduling) testing facets. In addition, ESCUDO-CLOUD also developed open-source testing support tools as GRINDER (Customizable Test Harness) and PAIN (tunability of parallelism for accuracy and throughput). The project also developed techniques for application level verification developing solutions for testing VM and container integrity that were applied to ESCUDO-CLOUD’s Shuffle Index experiments.
- Ahmed Taha, Soha Albaghdady, Stefan Winter, Ahmed Taha, Heng Zhang, Neeraj Suri "C'MON: Monitoring the Compliance of Cloud Services to Contracted Properties" in Proc. of International Conference on Availability, Reliability and Security (ARES 2017) Reggio Calabria, Italy, August 29-September 1, 2017
- Heng Zhang, Jesus Luna, Ruben Trapero and Neeraj Suri "deQAM: A Dependency Based Indirect Monitoring Approach for Cloud Services" in Proc. of the 14th IEEE International Conference on Services Computing (SCC 2017), Honolulu, Hawaii, USA, June 25-30, 2017
- Abraham Chan, Stefan Winter, Habib Saissi, Karthik Pattabiraman, Neeraj Suri "Error Propagation Analysis of Multithreaded Programs Using Likely Invariants" in Proc. of the 10th IEEE International Conference on Software Testing, Verification and Validation (ICST 2017), Tokyo, Japan, March 13-17, 2017
- Stefan Winter, Oliver Schwahn, Roberto Natella, Neeraj Suri, Domenico Cotroneo "No PAIN, No Gain? The utility of PArallel fault INjections" in Proc. of the 37th International Conference on Software Engineering (ICSE), Firenze, Italy, May 16-24, 2015