Chaos as a Software Product Line—A platform for improving open hybrid‐cloud systems resiliency

Camacho, Carlos; Cañizares, Pablo C.; Llana, Luis; Núñez, Alberto

doi:10.1002/spe.3076

Cited by 4 publications

(4 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figure 5 shows the execution of ChaosXploit for branch 2, which includes (i) the setup of ChaosXploit (lines 1-5), (ii) the steady state validation which assumes a correct configuration of the policies assigned to the user account under analysis (lines 6-10), (iii) execution of the actions that allow validating the hypothesis through an attempt to restore a previous policy (lines [11][12][13][14][15][16][17][18][19][20]. This last set of lines includes listing the user policies (line 13-14), validating the current version (line 15), identifying the version that allows the privilege escalation (line 16), restoring the desired policy (line 17-18) and validation of the restore (line 20).…”

Section: Results Analysismentioning

confidence: 99%

“…To this extent, the work in Ref. [16] described Pystol, a fault injection framework to argue on the resiliency of hybrid-cloud systems in adverse events. Specifically, Pystol is presented as a Software Product Line (SPL) that can be mounted on top of cloud infrastructures, being able to exploit CE's capacities.…”

Section: State Of the Artmentioning

confidence: 99%

“…Table 1 summarizes the findings of the state-of-the-art investigation. It has to be remarked that the works [16][17][18][19] refer to CE applications while [13,24,25] propose SCE employment. Consequently, one could argue that it is obvious that the attributes' value of the CE works tend to be "Resiliency", while "Security" is predominant for the SCE proposals.…”

Section: State Of the Artmentioning

confidence: 99%

See 2 more Smart Citations

On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering

Chavarro

Nespoli

Díaz-López

et al. 2022

BDCC

View full text Add to dashboard Cite

Software is behind the technological solutions that deliver many services to our society, which means that software security should not be considered a desirable feature anymore but more of a necessity. Protection of software is an endless labor that includes the improvement of security controls but also the understanding of the sources that induce incidents, which in many cases are due to bad implementation or assumptions of controls. As traditional methods may not be efficient in detecting those security assumptions, novel alternatives must be attempted. In this sense, Security Chaos Engineering (SCE) becomes an innovative methodology based on the definition of a steady state, a hypothesis, experiments, and metrics, which allow to identify failing components and ultimately protect assets under cyber risk scenarios. As an extension of a previous work, this paper presents ChaosXploit, an SCE-powered framework that employs a knowledge database, composed of attack trees, to expose vulnerabilities that exist in a software solution that has been previously defined as a target. The use of ChaosXploit may be part of a defensive security strategy to detect and correct software misconfigurations at an early stage. Finally, different experiments are described and executed to validate the feasibility of ChaosXploit in terms of auditing the security of cloud-managed services, i.e., Amazon buckets, which may be prone to misconfigurations and, consequently, targeted by potential cyberattacks.

show abstract

Section: Results Analysismentioning

confidence: 99%

Section: State Of the Artmentioning

confidence: 99%

Section: State Of the Artmentioning

confidence: 99%

See 1 more Smart Citation

On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering

Chavarro

Nespoli

Díaz-López

et al. 2022

BDCC

View full text Add to dashboard Cite

show abstract

“…Thus, the current study certainly can contribute to augmenting knowledge on this issue, which is of paramount importance for avoiding the interruption or malfunctioning of the services that the company offers to its customers. Actually, as noted by Camacho et al [60], the inaccessibility of these services due to platform malfunctioning may lead both to severe penalty costs due to the infringement of availability clauses as well as to the loss of market reputation.…”

Section: Discussionmentioning

confidence: 99%

A Resilience Engineering Approach for the Risk Assessment of IT Services

Fargnoli,

Murgianu

2023

Applied Sciences

View full text Add to dashboard Cite

Nowadays, services related to IT technologies have assumed paramount importance in most sectors, creating complex systems involving different stakeholders. Such systems are subject to unpredictable risks that differ from what is usually expected and cannot be properly managed using traditional risk assessment approaches. Consequently, ensuring their reliability represents a critical task for companies, which need to adopt resilience engineering tools to reduce the occurrence of failures and malfunctions. With this goal in mind, the current study proposes a risk assessment procedure for cloud migration processes that integrates the application of the Functional Resonance Analysis Method (FRAM) with tools aimed at defining specific performance requirements for the suppliers of this service. In particular, the Critical-To-Quality (CTQ) method was used to define the quality drivers of the IT platform customers, while technical standards were applied to define requirements for a security management system, including aspects relevant to the supply chain. Such an approach was verified by means of its application to a real-life case study, which concerns the analysis of the risks inherent to the supply chain related to cloud migration. The results achieved can contribute to augmenting knowledge in the field of IT systems’ risk assessment, providing a base for further research.

show abstract

Exploring the impact of chaos engineering with various user loads on cloud native applications: an exploratory empirical study

Al-Said Ahmad,

Al-Qora’n,

Zayed

2024

Computing

View full text Add to dashboard Cite

One of the most popular models that provide computer resources today is cloud computing. Today’s dynamic and successful platforms are created to take advantage of various resources available from service providers. Ensuring the performance and availability of such resources and services is a crucial problem. Any software system may be subject to faults that might propagate to cause failures. Such faults with the potential of contributing to failures are critical because they impair performance and result in a delayed reaction, which is regarded as a dependability problem. To ensure that critical faults can be discovered as soon as possible, the impact of such faults on the system must be tested. The performance and dependability of cloud-native systems are examined in this empirical study using fault injection, one of the chaos engineering techniques. The study explores the impacts and results of injecting various delay times into two cloud-native applications with diverse user numbers. The performance of the applications with various numbers of users is measured in relation to these delays, which accordingly reflects measuring the dependability of those systems. Firstly, the systems’ architecture were identified, and serverless with two Lambda functions and containerised microservices applications were chosen, which depend on utilising and incorporating cloud-native services. Secondly, faults are injected in order to quantify performance attributes such as throughput and latency. The results of several controlled experiments carried out in real-world cloud environments provide exploratory empirical data, which promoted comparisons and statistical analysis that we utilised to identify the behaviour of the application while experiencing stress. Typical results from this investigation include an overall reduction in performance that is embodied in an increase in latency with injecting delays. However, a remarkable result is noticed at a particular delay in which defects and availability problems appear out of nowhere. These findings assist in highlighting the value of using chaos engineering in general and fault injection in particular to assess the dependability of cloud-native applications and to find unpredicted failures that could arise quickly from defects that aren’t supposed to spread and result in dependability issues.

show abstract

Chaos as a Software Product Line—A platform for improving open hybrid‐cloud systems resiliency

Cited by 4 publications

References 43 publications

On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering

On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering

A Resilience Engineering Approach for the Risk Assessment of IT Services

Exploring the impact of chaos engineering with various user loads on cloud native applications: an exploratory empirical study

Contact Info

Product

Resources

About