Title: Mobile cloud computing applications penetration testing model design

Authors: Ahmad Salah Al-Ahmad; Syed Ahmad Aljunid; Normaly Kamal Ismail

Addresses: Faculty of Computer and Mathematical Sciences, UniversitiTeknologi MARA, 40450 Shah Alam, Selangor, Malaysia ' Faculty of Computer and Mathematical Sciences, UniversitiTeknologi MARA, 40450 Shah Alam, Selangor, Malaysia ' Faculty of Computer and Mathematical Sciences, UniversitiTeknologi MARA, 40450 Shah Alam, Selangor, Malaysia

Abstract: Mobile cloud computing (MCC) is a promising technology due to its features that mitigate mobile computing limitations and enhances cloud services. However, penetration testing is more challenging when conducted on MCC applications. These applications use offloading, and thus another layer of complexity in generating, selecting and executing test cases, which implies and requires an MCC applications penetration testing offloading-awareness model. To overcome these challenges, a penetration testing model for mobile cloud computing applications is designed. This model defines the process of penetration testing over MCC applications including penetration test preparation, test case generation, selection and execution processes. Key components of this offloading-awareness model are state management and mobile agent while other components are adapted from previous penetration testing models for the web, cloud or mobile applications. This model will enable penetration testers to tackle the mobile cloud computing complexity and uniqueness. Currently, we are preparing the evaluation of the model against these MCC applications.

Keywords: mobile cloud computing; MCC; penetration testing; offloading; mobile agent; offloading-awareness model.

DOI: 10.1504/IJICS.2020.108849

International Journal of Information and Computer Security, 2020 Vol.13 No.2, pp.210 - 226

Accepted: 06 Nov 2018
Published online: 05 Aug 2020 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article