In analyzing project regressions, automation has emerged as a major agenda in managing changes in software which requires minimum manual intervention. For rapid testing environment, software development processes such as Agile, Scrum, and XP processes depend on continuous integration tools. There is no single tool to handle the project automation, and the main challenge is dependency on multiple tools. The proposed automation tool should support configuration, execution, and debugging facility. Integrating the project automation works such as software configuration management tools Mercurial and Git, job scheduling tools like Jenkins and Apache Continuum, test management tools like TestNG and Selenium need tight integration which is a challenge. The existing PKI infrastructure for access control does not share data among the software tools and processes increasing the complexity when an organization needs to leverage the existing cloud services. The proposed approach optimizes the execution time by taking single CSV with input test case and metadata information and efficiently group and executes the tests automatically. The proposed method includes implementation of security access control mechanism for the jobs execution platform in cloud environment.

1. Introduction

We provide the network telemetry data in a safe manner via approved third parties, while maintaining the ability to search on the encrypted network telemetry while maintaining privacy. We conducted an experimental investigation into the construction of a privacy-preserving search algorithm employing upgraded security algorithms such as ID-PKC and ABE [1].

It is necessary to have a quick development environment for the software that will be distributed on the cloud platform in order to check for flaws in the produced software before providing it. This fast software development necessitates the establishment of a scalable and secure infrastructure that is infallible [2]. However, even while cloud systems allow for the rapid development of products, they still need the assistance of automation tools in order to fully use the build and test environments [3]. With the help of cloud virtualization services, the suggested solution handles the issue of building and testing a framework in a cloud environment [4].

The proposed architecture employs an integrated security framework that makes use of identity-based cryptosystems and ABE to ensure that tasks are executed securely and with greater resistance against vulnerabilities associated with cloud deployment. [5].

It is only via the implementation of appropriate defensive measures that cloud security architecture can be considered effective [6].

When designing a cloud security architecture, it is important to think ahead and anticipate the issues that may arise throughout the security management process.

[7] Security controls are implemented in order to address the issues highlighted by the security management team. It is necessary to have these controls in place in order to safeguard the system from any faults and to minimize the effect of an attack [8]. Despite the fact that there are multiple different types of controls behind a cloud security [9] architecture, they are all susceptible to being exploited. Most of the time, they may be found in one of the following classifications: it is possible to safeguard a system against occurrences by preventing them from happening, which is what preventive controls are designed to do [10]. Minimizing or lowering, if not fully eliminating, certain vulnerabilities, examples include cloud customers who require strong authentication, which reduces the likelihood that unauthorized users will be able to access cloud systems and increases the likelihood that authorized users will be able to access cloud systems when they can be positively identified by the cloud service provider [11]. The goal of detective controls is to detect and react appropriately to any irregularities that may occur [12]. The detective has complete influence over the events that go happen. In the event of an attack, a detective control will notify those responsible for taking preventative or defensive actions. Corrective actions are being implemented in order to resolve the issue [13]. Monitor the security of your systems and networks, including intrusion detection and prevention. Cloud system attacks are often recognized and stopped by the use of detection and prevention processes, which are implemented in the network architecture that facilitates communication. Correlative controls aid in mitigating the consequences of an occurrence, often by preventing them from happening in the first place [14].

Keeping the amount of damage to a bare minimum, they have an influence on the situation either during or shortly after it occurs. Information is stored in the database, which is the backup of the system.

Corrective controls, such as the need to repair a compromised system, are instances of this kind of regulation. The importance of cloud security is widely acknowledged in its many dimensions, with the general consensus being that information security safeguards should be implemented, chosen, and executed according to and in proportion to the risks, which is frequently accomplished through threat assessment [15].

Some of the cloud’s numerous service models, such as IAAS, PaaS, and SAAS, are included below, as well as the many deployment options available, which are listed below. Security issues/concerns impact a wide range of organizations, including private, public, hybrid, and community-based organizations that use cloud computing services to operate [16]. However, these difficulties develop as a consequence of the following factors:

There have been concerns made regarding cloud security by both cloud providers (organizations that supply software, platform, or infrastructure as a service through the cloud) and cloud customers (companies or organizations that employ clouds services) [17].

Cloud computing is a technique for hosting programs and storing data in a remote location. It is likely that the major culpability is split between the two parties in this situation. To evaluate whether or not a cloud provider’s cloud environment is safe, as well as whether or not their users’ cloud environments are safe, we must first assess if the cloud provider’s cloud environment is safe [18]. In the case of a cloud-based application or data, all of the associated information and data is safeguarded and transferred to a safe place. Now, the cloud client is generating very strong passwords and performing all of the necessary authentication processes in the background.

Cloud administrators are those who choose to utilize a cloud application that has already been saved in the cloud. When a cloud manager or agency makes the decision to use a cloud application that has already been stored in the cloud, the cloud management or agency is referred to as a cloud administrator [19]. Users upload their data to the public cloud, which is housed inside the data center. A significant amount of potential exists in its manufacturing.

There is the possibility that some attacks may reveal critical and secret information. In the wake of a recent cloud security incident, many attacks on cloud computing infrastructure have been reported, causing widespread worry [20]. It is now the cloud service provider’s obligation to ensure that all of the background information with details is accurate. Using cloud computing, organizations may save resources, cut costs, and retain efficiency [21]. Keeping the data of a number of clients on the same server is standard practice among service providers. There is a consequent rise in the possibility that other users will be able to view private information belonging to a single individual as a result of this development (possibly even competitors). It is necessary for cloud service providers to ensure that data segregation and logical storage are effectively implemented segregated in order to cope with sensitive circumstances [22]. It is clear that the extensive usage of virtualization in the development of cloud infrastructure is a major benefit in this context. Customers or tenants of a public cloud service could be concerned about the security of their data. The relationship between the operating system and the underlying hardware—whether it be for computing, storage, or networking—is transformed as a consequence of virtualization [23]. This is the point at which everything starts. An additional layer—virtualization—must be properly configured, regulated, and maintained in order to be secure. Concerning virtualization software in particular, there is the potential of compromising the program or the danger of data loss in the “hypervisor.” However, despite the fact that these concerns are mostly hypothetical, they do exist [24].

Cloud infrastructures are nothing more than a new kind of computer network that is hosted on the internet. This indicates that clouds will have the same characteristics that they have now. Any network infrastructure will be protected to some extent (for example, by intrusion detection and prevention systems). It is up to the cloud to make the decision.

It is the vendor’s obligation (whether you or a third party) to determine the level of security that is required. The International Organization for Standardization (ISO) is a nongovernmental organization that sets international standards (ISO). Several information security standards have been created by the International Organization for Standardization (ISO) in the field of information security.

ISO 27001 and ISO 27002 are standards for information security management. The ISO 27001 standard is applicable to all sorts of enterprises. The International Organization for Standardization (ISO) 27002 is likewise tailored to the specific requirements of the business, but it is meant to assist in meeting those criteria. Security risks are assessed by a security risk assessment (ISO (2), 2008) [25]. There is a continuing argument between IT and the rest of the world private clouds that are more secure than public clouds, according to industry experts. Some researchers and experts believe that consequently, there has been no lack of discussion and concern about the security risks associated with public cloud computing [26]. The challenges that computers present are as follows. It is fair to be concerned, particularly if sensitive data and critical applications are in the hands of a third party who is not under your immediate control [27]. Aside from the widely held belief that owning property is a good investment, clouds should be more secure, and there are two types of cloud computing: public cloud computing and private cloud computing. Security Matters 8 discusses some of the fascinating characteristics and aspects of public clouds that should be taken into consideration. The National Institute of Standards and Technology (NIST) is the meaning of the term “public.” The term “clouds” refers to information that is made accessible to the general public or a huge industry group [28]. As a result, public cloud service providers are significantly more attractive targets for hackers than private cloud service providers. Public [29] clouds also attract the most qualified security personnel available; the largest and most successful cloud service companies have the most qualified security personnel. They have millions of clients who depend on them. They would almost certainly be picky about who they hired in the first place [30]. Also, the public cloud providers, particularly the bigger corporations such as Google, Amazon, and Facebook, would benefit from this. It is significantly simpler for a small to midsize private corporation to get the most up-to-date security equipment. Concerning public cloud computing, there are many factors to consider [31].

Cloud storage is defined as “the storage of data online in the cloud,” in which case a company’s data is kept in various dispersed and linked resources that make up a cloud and is accessible from anywhere in the world. Cloud storage can provide the advantages of greater accessibility and reliability; rapid deployment; strong protection for data backup, archival, and disaster recovery purposes; and lower overall storage costs as a result of not having to purchase, manage, and maintain expensive hardware [32]. Cloud storage can be used for a variety of purposes, including backup, archival, and disaster recovery, but there is the possibility of security and compliance issues when using cloud storage services.

2. Literature Survey on Automation Frameworks and Secure Jobs Execution

The different phases of software development demand various different automation tools in the cloud environment. For example, to enable automatic job configure, schedule and monitor tools such as Puppet, Juju, Apache Continuum, Jenkins, and Cobbler enable automatic job are used in different phases [33]. To improve quality and address customer issues rapidly, we require a tool which is capable of continuous integration, test-driven development, and debugging.

Based on the project requirement, automation can be triggered in various methods some of them includes [34] the following: (i)On-demand run: using scripts or user-interface user manually triggers the jobs(ii)Scheduled run: tests are grouped into test suites and executed as per the schedule(iii)On event occurrence: these test will run as soon as the build is available or a change set is identified (pushed) in the source repository

It is devised a scheme to measure Cloud Service Level Agreement (SLA) in real time environment and proposed a security management system for monitoring alerts, security of cloud incidents, and vulnerabilities [35].

The primary run time environment is Google Colab which is a part of the google app engine [36, 37].

Cloud computing represents the next step in the growth of the Internet. For coherence to be achieved throughout a network, it is necessary to share resources [38]. In recent years, it has developed as a new computing standard that has implications for a variety of academic domains, including software testing.

There are many different software approaches that may be used to test an application.

It not only alters the method in which computer resources are obtained but it also alters the manner in which computing services, technologies, and solutions are administered and delivered [39]. Meanwhile, it generates new concerns, challenges, and requirements in the field of software testing. Software testing in the cloud may lower the demand for hardware and software resources while also providing a more flexible and efficient alternative to the conventional software testing method, according to the cloud computing community. This paper presents an overview of the latest trends, opportunities, problems, concerns, and requirements in cloud testing and cloud-based application development and deployment [40].

3. Proposed Approach

The proposed methodology includes two major parts. First, for complete testing and validation of cloud software projects, we propose framework for automated jobs execution. The new code change tests are crucial as it allow any project functioning to regressing new source code changes. We propose an end-to-end approach which scale and run the tests using the cloud resources and as per the configuration (serial or parallel), respectively.

The proposed approach optimizes the execution time by taking single CSV (comma separated file) with input test case and metadata information and efficiently group and executes the tests automatically.

The test configuration information is present in CSV (comma separated) file. Each entry in test definition (CSV) file has test details such as <UNIQUE_ID, TEST_NAME, EXECUTION_MODE, MACHINE_CONFIG ...>.

Later, we propose a security access control mechanism for the jobs execution platform leveraging the cloud environment. The role-based access control policies are integrated, and the security aspects of the tool are experimented.

Dynamical systems with multiscroll are more complex dynamics than chaotic systems with monoscroll attractors. The state-space equation for automatic chaotic system is given by

The above Eqs. (1)–(3) can be adapted using hyperbolic function and modified in Eq. (6).

Equations (4) and (5) are similar to Eqs. (1) and (2).

Over the last several years, chaotic systems have been extensively studied in a variety of engineering applications. Using Julia’s fractal process, chaotic attractors, and logistic map in a complex set, this work provides a novel chaotic system that may be used in many applications. A number of complex dynamic properties, including equilibrium points, bifurcation, Lyapunov exponents, and the chaotic behavior of the suggested chaotic system, were investigated. Previously, we learned that a single positive Lyapunov exponent demonstrated the chaotic condition. It is shown in the numerical simulation that there are several complicated dynamic behaviors that coexist with an antagonist form that is a mixture of bifurcation and attractor. Afterwards, we provide a chaotic system-inspired picture encryption technique that is both fast and secure. The algorithm is comprised of two major stages: confusion and diffusion, which are interconnected. The experimental findings have shown that the suggested maps employed are more sophisticated and have a key space with a suitable amount of key space to be useful. Comparing the proposed picture encryption algorithm to other current image encryption methods is done by utilizing several security analysis elements such as differential attacks analysis, statistical testing, key space analysis, information entropy test, and running time, among others. Based on the findings, it was determined that the suggested picture encryption approach achieves superior outcomes in terms of both security and speed.

Chaotic attractor is obtained when , , , , , , , and , and the preferred initial conditions include. Once the hyperbolic function is activated with the parameter, , and for the initial conditions generated, Figure 1 illustrates various conditions of hyperbolic function. The second phase is initiated with the parameters and with the newly defined initial conditions as . Figure 2 illustrates the function regarding the new initial condition values. In the third phase, the parameters and and initial conditions are similar to the initially chosen values . This is demonstrated in Figure 3 which shows a single scroll. From the models, it is evident that the scheme is multiscroll property.

Cryptography has been around for a long time. The exchange of a secret key, which was used both for encryption and decryption, required two parties to employ a secure channel in the early phases of the technology’s development. This kind of encryption is referred to as private or symmetric key cryptography. Although such a technique was somewhat secure, there were flaws in its implementation. In addition, a secure route is not always accessible, which is why we want an encryption technique in the first place in the first place. The use of public key cryptography may help to mitigate these disadvantages. When two communicating parties agree on a shared secret key, they may exchange it without having to exchange their secret keys themselves via the communication channel. Instead, it is generated from a set of parameters, none of which are publicly available. When Whitfield Diffie and Martin Hellman presented an algorithm for key exchange in 1976, they were inspired by Ralph Merkle’s work on public key distribution. The approach used exponentiation on a finite field, which was later refined by others. Diffie Hellman is a cryptographic algorithm that is utilized in a number of protocols and applications today. As opposed to a batch transfer from one sender to another, it is utilized in interactive transactions between two parties. The algorithm is utilized when data is encrypted on the web using SSL or TLS, as well as in virtual private networks (VPNs).

The newly derived models include

As a result, its safety is of the highest significance. Although it is more secure than other security algorithms, it is still subject to a variety of attacks, such as plaintext assaults and man in the middle attacks. Consequently, we suggest a version of the original technique that is more tolerant and secure due to the use of a random parameter in the computation. Plaintext assaults are one of the most widely utilized cryptanalysis techniques today, accounting for around a third of all attacks. The attacker has access to sample plaintext and cypher text, as well as the plaintext itself. From a collection of known plaintext and cypher text, an attacker may extract further critical information, such as secret keys and code books, which can be used against them. The random parameter added in the proposed technique significantly reduces the potential of a known plaintext attack of this kind.

4. Design and Implementation of Fully Automated Test Framework for Cloud

Unlike the on-premise deployments, additional controls are required for development and deployment of software for cloud environment.

Some important changes in the cloud environment included the following: compatibility issues since cloud providers support different ways of managing user data, reduced control over physical cloud data security, compliance to appropriate regulations applicable to data domain, and data security during entire tenure of data (newly created persisted, processed, transit and destroyed).

Cloud software developers should follow Secure Coding Guidelines (OWASP Security Guide) as shown in Figure 1. Security aspects need to be considered in every phase right from requirements to deployment. In the production environment, the execution logs, debug statements, and error messages have very valuable information about the code.

Static analysis checks code statically, and the dynamic code analysis tools analyze as it executes and checks for possible security vulnerabilities. The dynamic code analysis tool analyzes the runtime code execution paths.

Upon execution, the input is specified in a CSV file with test case information. Later, the result aggregator tool groups the result which generates failure analysis.

User-interface test automation tool, Selenium, is used to run the tests on infrastructure machines depending on configuration with test inputs file in TestNG format. Connected in master-slave architecture, it runs tests in parallel or serial mode on a single host or multiple host.

This user-interface disseminates tests to slave machines of different OS, platform version, and browser versions; then, the results are aggregated in xml format in serial fashion.

4.1. Experimental Results

To experiment and validate the results of automation framework, the user-interface tests are chosen. Generally, the tests are often categorized into back-end tests, database tests, application programming interface tests, and user-interface tests.

The user-interface tests demand different browsers and operating systems and considered to be the most complex due to permutations and combinations of browsers, operating system support, requirement for pre- and postconfiguration of virtual machines, and runtime environment.

Execution of this tests demands careful selection of target machine configuration, and execution takes longer time compared to other tests. The execution time growth was almost linear with number of test cases. The performance measure of a single client machine running all the test case is shown in Figure 2.

When 70 tests cases are executed in a single machine, it took 112 minutes and when the test cases was increased to 200 and 300, it took 458 minutes and 503 minutes, respectively, as shown in Table 1. The speed of execution can increase by adding more number of tests machines as the cloud environment supports easy scalability.

Figure 2 shows the results of Selenium grid-hub environment in master-slave architecture with multiple registered client machines.

One of the host has selenium grid-hub software installed which acts like master and other hosts have slave configuration which register with master for jobs execution.

We could observe from the graph that the time consumed decreased with increasing the number of virtual machines.

For example, the execution time for 200 test cases costs 458 minutes and when the slave machines or test machines are increased to 20 as shown in Table 2, it took 22 minutes to run the same number of test cases; further, the time reduced to 12 minutes when the slave machines are increased to 30 numbers.

4.2. Discussion

We observed that the proposed system provided with sufficient test virtual machines could run any number of test cases. Further we found (after 800 test cases) that framework designed was stable and able to distribute the test across heterogeneous work environment. Running test automation jobs on a cloud ease scaling based on project requirement.

Recent automation tools like Puppet, Chef help in automation of virtual machine deployment and configuration and can be integrated into the process to improve the efficiency further.

5. To Improve Security in Jobs Execution Platform

We need to ensure security and data confidentiality in automation jobs execution platform (JEP). CSP has large pool of resources (machines) which the user can use to run on JEPs. The type of jobs or test cases depends on the CSP and users.

5.1. Technical Architecture of the System

The job configuration file consists of two parts: job parameters and job configurations.

The job parameters consist of job-name, run-schedule, start-at, and recurring-job which have permissions READ-EXECUTE for normal users and administrator has READ-WRITE-EXECUTE permission. The job configuration includes programming commands, and it processes on data. It can be of any type such as a software program for data analytics operations or script of security forensic tool. The job information comprises of Db_column_list, and Db_result_column is also part of job configuration file.

The JEP computes the data as per the job configuration, and the results are stored back in the database repository.

Using the ID-PKC encryption algorithm, the job configuration file is encrypted using identity information, security identifiers, and access structure as inputs.

The jobs execution platform retrieves the job file from the database and checks for user signature. If the user signature is verified using a public key component, the secret key is validated. If the verification is successful, then the corresponding job file is obtained. From the obtained job file, the corresponding JEP finds the operations to be carried out and fetch the relevant data from the underlying database, and the computation is done accordingly.

It has become common for cloud computing to incorporate platforms for developing and executing bespoke applications, a notion referred to as “platform as a service” (or PaaS). This strategy might be seen of as the next step beyond the SaaS model, where on-demand distribution includes not just the particular piece of software that is needed but also the customers’ operating system and browser. When it comes to running apps over the Internet, PaaS offers the whole infrastructure required. When it comes to delivery, it is similar to that of a utility like electricity or water.

Users just “tap in” and take what they need; all of the complexity are concealed behind the scenes of the application. As with any utility model, PaaS is based on metering or subscriptions; so, customers only pay for what they use. The delivery channel in this model is the “Cloud,” as is the case with any other utility model.

5.2. Example Policy Settings
5.2.1. Policy String Protecting Job Metadata

5.2.2. Policy String Protecting the Job Script Contents

There are new automated test methods for cloud interoperability. Because both cloud and SaaS apps provide connection protocols and APIs, test engineers should ensure the interoperability quality of cloud applications.

The data required for job execution is fetched from underlying data repository and processed.

The results from the processed job operations are encrypted and delivered in the user site. The results arrived at the user site is then decrypted using specific secret key, public parameters, and policy string by the decryption algorithm. In this methodology, we concentrated only the time spends on cryptographic techniques for various job executions. This paper does not considered the time spends on data computation before encryption and decryption techniques. Here, the proposed security framework, ID-PKC algorithms, namely, Boneh-Boyen [7] and Bethencourt, Waters, and Sahai [9] model, is evaluated for implementing access control. We used network telemetry dataset of size 2,000 to 20,000 records, and bilinear pairings are generated using MNT159 asymmetric curves. Data encryption [13] includes ciphering the job configuration file and the actual network telemetry as shown in Figure 3.

Data encryption task using BB scheme has consumed more time when compared to the BSW scheme, and this is due to the fact that earlier scheme requires one pairing operation in addition [36].

For example, to execute 11000 NetFlow records, BB scheme took 0.72 seconds, whereas the BSW took only 0.4 second.

Decryption task involves CEK key decryption and later, a symmetric key algorithm for actual content decryption, and took same time for both the schemes as shown in Figure 4.

Cloud engineers will be unable to construct a cost-effective cloud test environment with the existing cloud technology since there are no supporting solutions available for it. The results of a study conducted by Gao and colleagues revealed that many of the published articles have explored performance testing and solutions.

In terms of scalability and performance testing, they are only concerned with metrics and methods for evaluating scalability in parallel and distributed systems. In the present state of metrics development, frameworks, and solutions, aspects such as dynamic scalability are not supported.

Regression testing is complicated by software problems and bug fixes, which creates issues and obstacles for regression testing. The cloud testing services that are available on demand should be able to solve a wide range of difficulties and concerns.

Providing suitable test models and criteria for cloud testing, test engineers should be supplied with adequate test models and criteria that are effective in cloud computing.

Continuous validation and regression testing solution are as follows: if software has been modified as a result of bug fixes or feature updates, test engineers must offer automated retesting methodologies that handle the multitenancy aspect of cloud computing environments.

Test engineers should ensure the interoperability quality of cloud applications since both cloud and SaaS apps provide connection protocols and APIs. There are new automated test solutions for cloud interoperability.

6. Conclusion

Fast software product development demands flexible infrastructure. The elasticity provided by cloud environment can be leveraged to build such products. The existing cloud environment should be equipped with automation of build and test environments to develop swift products. Security is paramount when it comes to cloud and data computations. This methodology is targeted in proposing a scheme for the secure cloud environment.

This method discussed the need of data encryption while accessing public cloud services such as auditing, computation, and security forensics. This work also highlighted importance of secure SDLC for scalable test automation framework build on top of the cloud environment.

Functional testing makes extensive use of hardware and software to replicate human activities, and it is becoming more sophisticated. When compared to functional testing, nonfunctional testing allows for the measurement and association of the testing of nonfunctional characteristics of software systems. Few benefits and testing issues associated with cloud computing have been recognized so far, according to experts. Testing is a recurring operation, and for each project, new requirements must be defined and documented.

Data Availability

The data that support the findings of this study are available on request from the corresponding author.

Conflicts of Interest

All authors declared that they do not have any conflict of interest.