Home > Research > Publications & Outputs > Threat Modeling the Cloud


Text available via DOI:

View graph of relations

Threat Modeling the Cloud: An Ontology Based Approach

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review



Critical Infrastructures (CIs) such as e-commerce, energy, transportation, defense, monitoring etc., form the basis of the modern ICT society, and these CI’s increasingly utilize ICT services such as the Cloud to provide for scalable, robust and cost-efficient services. Consequently, the resilience of the CI is directly connected with the resilience of the underlying Cloud infrastructure. However, performing a Cloud threat analysis (TA) is a challenging task given the complex interconnection of underlying computing and communication services. Thus, the need is of a comprehensive TA approach that can holistically analyze the relation across system level requirements and Cloud vulnerabilities. We target achieving such a requirement based threat analysis by developing an ontology depicting the relations among actors involved in the Cloud ecosystem. The ontology comprehensively covers requirement specifications, interaction among the Cloud services and vulnerabilities violating the requirements. By mapping the ontology to a design structure matrix, our approach obtains security assessments from varied actor perspectives. We demonstrate the effectiveness of our approach by assessing the security of OpenStack, an open source Cloud platform, covering user requirements and services involved in Cloud operations.