An independent verification of errors and vulnerabilities in SaaS cloud | IEEE Conference Publication | IEEE Xplore

An independent verification of errors and vulnerabilities in SaaS cloud


Abstract:

Software-as-a-Service (SaaS) offers immense advantages to a subscriber, as the SaaS subscriber pays for the amount of service he has consumed. This pay-per-use model offered by the SaaS provider is supported by the underlying virtualization technology, which allows sharing of the physical infrastructure among several clients who subscribe to the SaaS cloud to optimize the cost of usage. However, with this cost-benefit come several risks related to reliability, security and availability (RAS). Consequently, a potential subscriber of a SaaS offering wants to perform several reviews and validations related to RAS before the subscription. In fact, the subscriber often prefers an independent validation of these QoS aspects, on an ongoing basis. In this work, we propose a validation methodology and a tool, iCirrus-Val, for a SaaS subscriber to perform an independent analysis and verification of functional errors and vulnerabilities of a SaaS cloud from its weblogs. iCirrus-Val groups the logged URLs into whitelist and suspect categories. A whitelisted URL belonging to a business process is analyzed for permanent and transient faults. A suspect URL is further analyzed to check if it falls into an “attempt to an attack category”. Our approach is lightweight and does not require data from other parts of the system that is typically unavailable to a SaaS subscriber. It is restricted to a study of RAS from the subscriber's entry point. However, we believe that our approach has the potential to identify a large number of the vulnerabilities. Our belief, though not empirically validated here, rests upon recent research findings which indicate that vulnerabilities are increasingly targeted at the entry point such as the web server, as attackers find it difficult to hack the core server. We illustrate our approach using real-life data of an organization that has adopted a SaaS public cloud.
Date of Conference: 25-28 June 2012
Date Added to IEEE Xplore: 13 August 2012
Conference Location: Boston, MA, USA
