Symbolic test case generation for testing orchestrators in context

Escobedo Del Cid, José Pablo

25 November 2010

Web services are pieces of software offering functionalities to other (remote) machines over the Internet that work based on the Service-Oriented Architecture (SOA). They can be invoked by means of Web related standards (usually, SOAP, UDDI, XML, HTTP, WSDL. In the recent years, the usage of Web services has increased due to the flexibility and interoperability among heterogeneous platforms and operative systems that they provide. SOA adds value in terms of low coupling, re-usability of services and sharing; it makes the systems flexible and adaptive in case of changes in the business process and improves the integration of heterogeneous systems. Besides, new ways of using Web services have emerged, by combining them in order to create more complete (and complex) services. This process of re-using and combining Web services is called Web service composition, and its main objective is to allow the re-usability of the functionalities proposed by the Web services. This is why this architecture has been widely accepted by the companies all over the world: it helps reducing the cost and time to create business processes, and this is the type of systems we work with in this thesis, more specifically, we aim at ensuring their correct behavior by using testing techniques in order to detect possible errors.

[INFO] Computer Science

SOA

Orchestrators

Symbolic testing

Symbolic test case generation for testing orchestrators in context / Génération des cas de tests symboliques pour tester des orchestrateurs en contexte

Escobedo Del Cid, José Pablo

25 November 2010

Les services Web sont des logiciels qui offrent des fonctionnalités à des autres machines à travers l'Interent. Les services Web sont basés sur l'Architecture Orientée Services (SOA, pour son nom en anglais). Ils peuvent être invoqués en utilisant des standards pour le Web (normalement, SOAP, UDDI, XML, HTTP, WSDL). Dan les dernières années, l'utilisation des services Web s'est incrémentée à cause de la flexibilité qu'ils offrent, ainsi comme de l’intégration des systèmes hétérogènes. En plus, SOA ajoute de la valeur dans le sens où les services peuvent être réutilisés et partagés; cela fait les systèmes plus flexibles et adaptables en cas où il y a des changements dans les processus de l’entreprise, et améliore l'intégration des systèmes. Aussi, des nouvelles façons d'utiliser les services Web se sont développées, en combinant pour créer des services plus complets et complexes. Le processus de réutiliser les services Web pour créer des nouveaux s'appelle composition des services Web, et son but principal est de permettre la réutilisation des fonctionnalités proposées par les services Web. C'est pour cette raison que l'architecture SOA a été bien acceptée par les entreprises partout dans le monde: elle aide à réduire le coût et le temps qu'il faut pour créer des solutions, et c'est la composition des services Web qu'on étudie dans cette thèse. Plus spécifiquement, on veut assurer leur correct comportement en utilisant des techniques du test pour détecter des possibles erreurs. / Web services are pieces of software offering functionalities to other (remote) machines over the Internet that work based on the Service-Oriented Architecture (SOA). They can be invoked by means of Web related standards (usually, SOAP, UDDI, XML, HTTP, WSDL. In the recent years, the usage of Web services has increased due to the flexibility and interoperability among heterogeneous platforms and operative systems that they provide. SOA adds value in terms of low coupling, re-usability of services and sharing; it makes the systems flexible and adaptive in case of changes in the business process and improves the integration of heterogeneous systems. Besides, new ways of using Web services have emerged, by combining them in order to create more complete (and complex) services. This process of re-using and combining Web services is called Web service composition, and its main objective is to allow the re-usability of the functionalities proposed by the Web services. This is why this architecture has been widely accepted by the companies all over the world: it helps reducing the cost and time to create business processes, and this is the type of systems we work with in this thesis, more specifically, we aim at ensuring their correct behavior by using testing techniques in order to detect possible errors.

Architecture orientée services

Services web

SOA

Orchestrators

Symbolic testing

Estratégias para o suporte a ambientes de execução confiável em sistemas de computação na nuvem.

SAMPAIO, Lília Rodrigues.

06 September 2018

Submitted by Emanuel Varela Cardoso (emanuel.varela@ufcg.edu.br) on 2018-09-06T19:50:33Z No. of bitstreams: 1 LÍLIA RODRIGUES SAMPAIO – DISSERTAÇÃO (PPGCC) 2018.pdf: 2337190 bytes, checksum: bfef42889bed89a3860b61f38016b02d (MD5) / Made available in DSpace on 2018-09-06T19:50:33Z (GMT). No. of bitstreams: 1 LÍLIA RODRIGUES SAMPAIO – DISSERTAÇÃO (PPGCC) 2018.pdf: 2337190 bytes, checksum: bfef42889bed89a3860b61f38016b02d (MD5) Previous issue date: 2018-02-15 / Capes / O alto poder computacional oferecido por provedores de nuvem, aliado às suas características de flexibilidade, eficiência e custo reduzido, têm levado cada vez mais usuários a utilizar recursos em nuvem para implantação de aplicações. Como consequência, uma grande quantidade de dados de diversas aplicações críticas, e de alta demanda de processamento, passam a trafegar livremente pela nuvem. Considerando isso, especialmente para aplicações que lidam com dados sensíveis, como sistemas bancários, medidores inteligentes de energia, entre outros, é de grande importância assegurar a integridade e confidencialidade de tais dados. Assim, é cada vez mais frequente que usuários de recursos de uma nuvem exijam garantias de que suas aplicações estão executando em um ambiente de execução confiável. Abordagens tradicionais, como criptografia de dados em repouso e em comunicação, combinadas com políticas rígidas de controle de acesso têm sido usadas com algum êxito, mas ainda têm permitido sérios ataques. No entanto, mais recentemente,Trusted Execution Environments(TEE) têm prometido garantias de integridade e confidencialidade de dados e códigos ao carregá-los e executálos em áreas seguras e isoladas do processador da máquina. Assim, para dar suporte a implementações de TEE, tecnologias de segurança em hardware podem ser utilizadas, como ARM Trustzone e Intel SGX. No contexto deste trabalho, usamos Intel SGX, que se propõe a garantir confidencialidade e integridade de dados e aplicações executadas dentro de áreas protegidas de memória, denominadas enclaves. Assim, o código é protegido até de software com acesso privilegiado, como o próprio sistema operacional, hipervisores, entre outros. Diversos recursos da nuvem podem fazer uso de tais tecnologias de segurança, entre eles máquinas virtuais e contêineres. Neste estudo, propomos estratégias para o suporte de TEE em ambientes de nuvem, integrando Intel SGX e OpenStack, uma plataforma de nuvem de código berto amplamente conhecida e utilizada por grandes empresas. Apresentamos uma nova bordagem no processo de provisionamento e escalonamento de máquinas virtuais e contêineres numa nuvem OpenStack segura, que considera aspectos essenciais para o SGX, como a quantidade de memória segura sendo utilizada, oEnclave Page Cache(EPC). Porfim, validamos esta nuvem com uma aplicação que exige processamento de dados sensíveis. / The high level of computing power offered by cloud providers, together with theflexibility, efficiency and reduced cost they also offer, have increased the number of users wanting to deploy their applications on the cloud. As a consequence, a big amount of data from many critical and high performance applications start to traffic on the cloud. Considering this, specially for applications that deal with sensitive data, such as bank transactions, smart metering, and others, is very important to assure data integrity and confidentiality. Thus, it is increasingly common that users of cloud resources demand guarantees that their applications are running on trusted execution environments. Traditional approaches, such as data cryptography, combined with strict access control policies have been used with a level of success, but still allowing serious attacks. However, more recently, Trusted Execution Environments (TEE) are promising guarantees of data and code integrity and confidentiality by loading and executing them in isolated secure areas of the machine’s processor. This way, to support TEE implementations, hardware technologies such as ARM TrustZone and Intel SGX can be used. In the context of this research, we use Intel SGX, which proposes integrity and confidentiality guarantees for data and applications executed inside protected memory areas called enclaves. Thus, the code is protected even from high privileged software, such as the operational system, hypervisors and others. Many cloud resources can use such security technologies, like virtual machines and containers. In this research, we propose strategies to support TEE in cloud environments, integrating Intel SGX and OpenStack, an open-source cloud platform widely known and used by many big companies. We present a new approach in the provisioning and scheduling of instances in a secure OpenStack cloud, considering essential aspects to SGX such as the amount of secure memory being used, the Enclave Page Cache (EPC). Finally, we validated this cloud by deploying an application that requires processing of sensitive data.

Ciência da Computação

Computação na nuvem

OpenStack

Orquestradores de contêineres

Intel SGX

KVM-SGX

Contêineres seguros

Cloud computing

Container Orchestrators

Containers insurance