Authors: Ahmad Salah Al-Ahmad; Syed Ahmad Aljunid; Normaly Kamal Ismail
Addresses: Faculty of Computer and Mathematical Sciences, UniversitiTeknologi MARA, 40450 Shah Alam, Selangor, Malaysia ' Faculty of Computer and Mathematical Sciences, UniversitiTeknologi MARA, 40450 Shah Alam, Selangor, Malaysia ' Faculty of Computer and Mathematical Sciences, UniversitiTeknologi MARA, 40450 Shah Alam, Selangor, Malaysia
Abstract: Mobile cloud computing (MCC) is a promising technology due to its features that mitigate mobile computing limitations and enhances cloud services. However, penetration testing is more challenging when conducted on MCC applications. These applications use offloading, and thus another layer of complexity in generating, selecting and executing test cases, which implies and requires an MCC applications penetration testing offloading-awareness model. To overcome these challenges, a penetration testing model for mobile cloud computing applications is designed. This model defines the process of penetration testing over MCC applications including penetration test preparation, test case generation, selection and execution processes. Key components of this offloading-awareness model are state management and mobile agent while other components are adapted from previous penetration testing models for the web, cloud or mobile applications. This model will enable penetration testers to tackle the mobile cloud computing complexity and uniqueness. Currently, we are preparing the evaluation of the model against these MCC applications.
Keywords: mobile cloud computing; MCC; penetration testing; offloading; mobile agent; offloading-awareness model.
International Journal of Information and Computer Security, 2020 Vol.13 No.2, pp.210 - 226
Received: 18 Sep 2018
Accepted: 06 Nov 2018
Published online: 30 Apr 2020 *