Home > Research > Publications & Outputs > Threat Modeling the Cloud

Links

Text available via DOI:

View graph of relations

Threat Modeling the Cloud: An Ontology Based Approach

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published

Standard

Threat Modeling the Cloud: An Ontology Based Approach. / Manzoor, S.; Vateva-Gurova, T.; Trapero, R. et al.
IOSec 2018: Information and Operational Technology Security Systems . ed. / A. Fournaris; K. Lampropoulos; E. Marin Tordera. Cham: Springer-Verlag, 2019. p. 61-72 (Lecture Notes in Computer Science; Vol. 11398).

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Harvard

Manzoor, S, Vateva-Gurova, T, Trapero, R & Suri, N 2019, Threat Modeling the Cloud: An Ontology Based Approach. in A Fournaris, K Lampropoulos & E Marin Tordera (eds), IOSec 2018: Information and Operational Technology Security Systems . Lecture Notes in Computer Science, vol. 11398, Springer-Verlag, Cham, pp. 61-72. https://doi.org/10.1007/978-3-030-12085-6_6

APA

Manzoor, S., Vateva-Gurova, T., Trapero, R., & Suri, N. (2019). Threat Modeling the Cloud: An Ontology Based Approach. In A. Fournaris, K. Lampropoulos, & E. Marin Tordera (Eds.), IOSec 2018: Information and Operational Technology Security Systems (pp. 61-72). (Lecture Notes in Computer Science; Vol. 11398). Springer-Verlag. https://doi.org/10.1007/978-3-030-12085-6_6

Vancouver

Manzoor S, Vateva-Gurova T, Trapero R, Suri N. Threat Modeling the Cloud: An Ontology Based Approach. In Fournaris A, Lampropoulos K, Marin Tordera E, editors, IOSec 2018: Information and Operational Technology Security Systems . Cham: Springer-Verlag. 2019. p. 61-72. (Lecture Notes in Computer Science). doi: 10.1007/978-3-030-12085-6_6

Author

Manzoor, S. ; Vateva-Gurova, T. ; Trapero, R. et al. / Threat Modeling the Cloud : An Ontology Based Approach. IOSec 2018: Information and Operational Technology Security Systems . editor / A. Fournaris ; K. Lampropoulos ; E. Marin Tordera. Cham : Springer-Verlag, 2019. pp. 61-72 (Lecture Notes in Computer Science).

Bibtex

@inproceedings{c644aa8b2302489c899f0b70355b27e2,
title = "Threat Modeling the Cloud: An Ontology Based Approach",
abstract = "Critical Infrastructures (CIs) such as e-commerce, energy, transportation, defense, monitoring etc., form the basis of the modern ICT society, and these CI{\textquoteright}s increasingly utilize ICT services such as the Cloud to provide for scalable, robust and cost-efficient services. Consequently, the resilience of the CI is directly connected with the resilience of the underlying Cloud infrastructure. However, performing a Cloud threat analysis (TA) is a challenging task given the complex interconnection of underlying computing and communication services. Thus, the need is of a comprehensive TA approach that can holistically analyze the relation across system level requirements and Cloud vulnerabilities. We target achieving such a requirement based threat analysis by developing an ontology depicting the relations among actors involved in the Cloud ecosystem. The ontology comprehensively covers requirement specifications, interaction among the Cloud services and vulnerabilities violating the requirements. By mapping the ontology to a design structure matrix, our approach obtains security assessments from varied actor perspectives. We demonstrate the effectiveness of our approach by assessing the security of OpenStack, an open source Cloud platform, covering user requirements and services involved in Cloud operations.",
keywords = "Security systems, Cloud infrastructures, Communication service, Design Structure Matrices, Requirement specification, Security assessment, System-level requirements, Threat modeling, User requirements, Ontology",
author = "S. Manzoor and T. Vateva-Gurova and R. Trapero and Neeraj Suri",
year = "2019",
month = jan,
day = "30",
doi = "10.1007/978-3-030-12085-6_6",
language = "English",
isbn = "9783030120849 ",
series = "Lecture Notes in Computer Science",
publisher = "Springer-Verlag",
pages = "61--72",
editor = "A. Fournaris and K. Lampropoulos and {Marin Tordera}, E.",
booktitle = "IOSec 2018",

}

RIS

TY - GEN

T1 - Threat Modeling the Cloud

T2 - An Ontology Based Approach

AU - Manzoor, S.

AU - Vateva-Gurova, T.

AU - Trapero, R.

AU - Suri, Neeraj

PY - 2019/1/30

Y1 - 2019/1/30

N2 - Critical Infrastructures (CIs) such as e-commerce, energy, transportation, defense, monitoring etc., form the basis of the modern ICT society, and these CI’s increasingly utilize ICT services such as the Cloud to provide for scalable, robust and cost-efficient services. Consequently, the resilience of the CI is directly connected with the resilience of the underlying Cloud infrastructure. However, performing a Cloud threat analysis (TA) is a challenging task given the complex interconnection of underlying computing and communication services. Thus, the need is of a comprehensive TA approach that can holistically analyze the relation across system level requirements and Cloud vulnerabilities. We target achieving such a requirement based threat analysis by developing an ontology depicting the relations among actors involved in the Cloud ecosystem. The ontology comprehensively covers requirement specifications, interaction among the Cloud services and vulnerabilities violating the requirements. By mapping the ontology to a design structure matrix, our approach obtains security assessments from varied actor perspectives. We demonstrate the effectiveness of our approach by assessing the security of OpenStack, an open source Cloud platform, covering user requirements and services involved in Cloud operations.

AB - Critical Infrastructures (CIs) such as e-commerce, energy, transportation, defense, monitoring etc., form the basis of the modern ICT society, and these CI’s increasingly utilize ICT services such as the Cloud to provide for scalable, robust and cost-efficient services. Consequently, the resilience of the CI is directly connected with the resilience of the underlying Cloud infrastructure. However, performing a Cloud threat analysis (TA) is a challenging task given the complex interconnection of underlying computing and communication services. Thus, the need is of a comprehensive TA approach that can holistically analyze the relation across system level requirements and Cloud vulnerabilities. We target achieving such a requirement based threat analysis by developing an ontology depicting the relations among actors involved in the Cloud ecosystem. The ontology comprehensively covers requirement specifications, interaction among the Cloud services and vulnerabilities violating the requirements. By mapping the ontology to a design structure matrix, our approach obtains security assessments from varied actor perspectives. We demonstrate the effectiveness of our approach by assessing the security of OpenStack, an open source Cloud platform, covering user requirements and services involved in Cloud operations.

KW - Security systems

KW - Cloud infrastructures

KW - Communication service

KW - Design Structure Matrices

KW - Requirement specification

KW - Security assessment

KW - System-level requirements

KW - Threat modeling

KW - User requirements

KW - Ontology

U2 - 10.1007/978-3-030-12085-6_6

DO - 10.1007/978-3-030-12085-6_6

M3 - Conference contribution/Paper

SN - 9783030120849

T3 - Lecture Notes in Computer Science

SP - 61

EP - 72

BT - IOSec 2018

A2 - Fournaris, A.

A2 - Lampropoulos, K.

A2 - Marin Tordera, E.

PB - Springer-Verlag

CY - Cham

ER -