Home > Research > Publications & Outputs > Threat Modeling the Cloud

Links

Text available via DOI:

View graph of relations

Threat Modeling the Cloud: An Ontology Based Approach

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published
Close
Publication date30/01/2019
Host publicationIOSec 2018: Information and Operational Technology Security Systems
EditorsA. Fournaris, K. Lampropoulos, E. Marin Tordera
Place of PublicationCham
PublisherSpringer-Verlag
Pages61-72
Number of pages12
ISBN (electronic)9783030120856
ISBN (print)9783030120849
<mark>Original language</mark>English

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume11398
ISSN (Print)0302-9743

Abstract

Critical Infrastructures (CIs) such as e-commerce, energy, transportation, defense, monitoring etc., form the basis of the modern ICT society, and these CI’s increasingly utilize ICT services such as the Cloud to provide for scalable, robust and cost-efficient services. Consequently, the resilience of the CI is directly connected with the resilience of the underlying Cloud infrastructure. However, performing a Cloud threat analysis (TA) is a challenging task given the complex interconnection of underlying computing and communication services. Thus, the need is of a comprehensive TA approach that can holistically analyze the relation across system level requirements and Cloud vulnerabilities. We target achieving such a requirement based threat analysis by developing an ontology depicting the relations among actors involved in the Cloud ecosystem. The ontology comprehensively covers requirement specifications, interaction among the Cloud services and vulnerabilities violating the requirements. By mapping the ontology to a design structure matrix, our approach obtains security assessments from varied actor perspectives. We demonstrate the effectiveness of our approach by assessing the security of OpenStack, an open source Cloud platform, covering user requirements and services involved in Cloud operations.