Getting Started with Chaos Engineering - design of an implementation framework in practice

Jernberg, Hugo; Runeson, Per; Engström, Emelie

doi:10.1145/3382494.3421464

Cited by 8 publications

(5 citation statements)

References 11 publications

(26 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figure 5 shows the execution of ChaosXploit for branch 2, which includes (i) the setup of ChaosXploit (lines 1-5), (ii) the steady state validation which assumes a correct configuration of the policies assigned to the user account under analysis (lines 6-10), (iii) execution of the actions that allow validating the hypothesis through an attempt to restore a previous policy (lines [11][12][13][14][15][16][17][18][19][20]. This last set of lines includes listing the user policies (line 13-14), validating the current version (line 15), identifying the version that allows the privilege escalation (line 16), restoring the desired policy (line 17-18) and validation of the restore (line 20).…”

Section: Results Analysismentioning

confidence: 99%

“…An interesting case study on applying the CE methodology to a real use-case scenario has been conducted in Ref. [18]. The main idea of the authors is to introduce the CE paradigm at ICE Gruppen AB, a group of companies working in the grocery market.…”

Section: State Of the Artmentioning

confidence: 99%

“…Table 1 summarizes the findings of the state-of-the-art investigation. It has to be remarked that the works [16][17][18][19] refer to CE applications while [13,24,25] propose SCE employment. Consequently, one could argue that it is obvious that the attributes' value of the CE works tend to be "Resiliency", while "Security" is predominant for the SCE proposals.…”

Section: State Of the Artmentioning

confidence: 99%

“…Nevertheless, the proposed framework in Ref. [18] adds security features to the CE requirements. Such confusion is directly derived from the ambiguous definition of CE, as previously stated.…”

Section: State Of the Artmentioning

confidence: 99%

See 3 more Smart Citations

On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering

Chavarro

Nespoli

Díaz-López

et al. 2022

BDCC

View full text Add to dashboard Cite

Software is behind the technological solutions that deliver many services to our society, which means that software security should not be considered a desirable feature anymore but more of a necessity. Protection of software is an endless labor that includes the improvement of security controls but also the understanding of the sources that induce incidents, which in many cases are due to bad implementation or assumptions of controls. As traditional methods may not be efficient in detecting those security assumptions, novel alternatives must be attempted. In this sense, Security Chaos Engineering (SCE) becomes an innovative methodology based on the definition of a steady state, a hypothesis, experiments, and metrics, which allow to identify failing components and ultimately protect assets under cyber risk scenarios. As an extension of a previous work, this paper presents ChaosXploit, an SCE-powered framework that employs a knowledge database, composed of attack trees, to expose vulnerabilities that exist in a software solution that has been previously defined as a target. The use of ChaosXploit may be part of a defensive security strategy to detect and correct software misconfigurations at an early stage. Finally, different experiments are described and executed to validate the feasibility of ChaosXploit in terms of auditing the security of cloud-managed services, i.e., Amazon buckets, which may be prone to misconfigurations and, consequently, targeted by potential cyberattacks.

show abstract

Section: Results Analysismentioning

confidence: 99%

Section: State Of the Artmentioning

confidence: 99%

Section: State Of the Artmentioning

confidence: 99%

Section: State Of the Artmentioning

confidence: 99%

See 2 more Smart Citations

On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering

Chavarro

Nespoli

Díaz-López

et al. 2022

BDCC

View full text Add to dashboard Cite

show abstract

“…Zhang et al [58] designed ChaosMachine, a tool that conducts chaos engineering experiments at the try-catch level for Java applications. Jernberg et al [33] designed a chaos engineering framework based on the literature and a tool survey, and validated the framework in a real commercial web system. Simonsson et al [43] proposed ChaosOrca, a chaos engineering system that injects system call errors for dockerized applications.…”

Section: B Chaos Engineeringmentioning

confidence: 99%

Chaos Engineering of Ethereum Blockchain Clients

Zhang¹,

Ron²,

Baudry³

et al. 2021

Preprint

View full text Add to dashboard Cite

The Ethereum blockchain is the operational backbone of major decentralized finance platforms. As such, it is expected to be exceptionally reliable. In this paper, we present CHAOSETH, a chaos engineering tool for resilience assessment of Ethereum clients. CHAOSETH operates in the following manner: First, it monitors Ethereum clients to determine their normal behavior. Then, it injects system call invocation errors into the Ethereum clients and observes the resulting behavior under perturbation. Finally, CHAOSETH compares the behavior recorded before, during, and after perturbation to assess the impact of the injected system call invocation errors. The experiments are performed on the two most popular Ethereum client implementations: GoEthereum and OpenEthereum. We experiment with 22 different types of system call invocation errors. We assess their impact on the Ethereum clients with respect to 15 applicationlevel metrics. Our results reveal a broad spectrum of resilience characteristics of Ethereum clients in the presence of system call invocation errors, ranging from direct crashes to full resilience. The experiments clearly demonstrate the feasibility of applying chaos engineering principles to blockchains.

show abstract

“What’s Going On” with BizDevOps: A qualitative review of BizDevOps practice

Antunes,

Tate

2024

Computers in Industry

View full text Add to dashboard Cite

Getting Started with Chaos Engineering - design of an implementation framework in practice

Cited by 8 publications

References 11 publications

On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering

On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering

Chaos Engineering of Ethereum Blockchain Clients

“What’s Going On” with BizDevOps: A qualitative review of BizDevOps practice

Contact Info

Product

Resources

About