Standard
Threat Modeling the Cloud: An Ontology Based Approach. / Manzoor, S.; Vateva-Gurova, T.; Trapero, R. et al.
IOSec 2018: Information and Operational Technology Security Systems . ed. / A. Fournaris; K. Lampropoulos; E. Marin Tordera. Cham: Springer-Verlag, 2019. p. 61-72 (Lecture Notes in Computer Science; Vol. 11398).
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Harvard
Manzoor, S, Vateva-Gurova, T, Trapero, R
& Suri, N 2019,
Threat Modeling the Cloud: An Ontology Based Approach. in A Fournaris, K Lampropoulos & E Marin Tordera (eds),
IOSec 2018: Information and Operational Technology Security Systems . Lecture Notes in Computer Science, vol. 11398, Springer-Verlag, Cham, pp. 61-72.
https://doi.org/10.1007/978-3-030-12085-6_6
APA
Manzoor, S., Vateva-Gurova, T., Trapero, R.
, & Suri, N. (2019).
Threat Modeling the Cloud: An Ontology Based Approach. In A. Fournaris, K. Lampropoulos, & E. Marin Tordera (Eds.),
IOSec 2018: Information and Operational Technology Security Systems (pp. 61-72). (Lecture Notes in Computer Science; Vol. 11398). Springer-Verlag.
https://doi.org/10.1007/978-3-030-12085-6_6
Vancouver
Manzoor S, Vateva-Gurova T, Trapero R
, Suri N.
Threat Modeling the Cloud: An Ontology Based Approach. In Fournaris A, Lampropoulos K, Marin Tordera E, editors, IOSec 2018: Information and Operational Technology Security Systems . Cham: Springer-Verlag. 2019. p. 61-72. (Lecture Notes in Computer Science). doi: 10.1007/978-3-030-12085-6_6
Author
Manzoor, S. ; Vateva-Gurova, T. ; Trapero, R. et al. /
Threat Modeling the Cloud : An Ontology Based Approach. IOSec 2018: Information and Operational Technology Security Systems . editor / A. Fournaris ; K. Lampropoulos ; E. Marin Tordera. Cham : Springer-Verlag, 2019. pp. 61-72 (Lecture Notes in Computer Science).
Bibtex
@inproceedings{c644aa8b2302489c899f0b70355b27e2,
title = "Threat Modeling the Cloud: An Ontology Based Approach",
abstract = "Critical Infrastructures (CIs) such as e-commerce, energy, transportation, defense, monitoring etc., form the basis of the modern ICT society, and these CI{\textquoteright}s increasingly utilize ICT services such as the Cloud to provide for scalable, robust and cost-efficient services. Consequently, the resilience of the CI is directly connected with the resilience of the underlying Cloud infrastructure. However, performing a Cloud threat analysis (TA) is a challenging task given the complex interconnection of underlying computing and communication services. Thus, the need is of a comprehensive TA approach that can holistically analyze the relation across system level requirements and Cloud vulnerabilities. We target achieving such a requirement based threat analysis by developing an ontology depicting the relations among actors involved in the Cloud ecosystem. The ontology comprehensively covers requirement specifications, interaction among the Cloud services and vulnerabilities violating the requirements. By mapping the ontology to a design structure matrix, our approach obtains security assessments from varied actor perspectives. We demonstrate the effectiveness of our approach by assessing the security of OpenStack, an open source Cloud platform, covering user requirements and services involved in Cloud operations.",
keywords = "Security systems, Cloud infrastructures, Communication service, Design Structure Matrices, Requirement specification, Security assessment, System-level requirements, Threat modeling, User requirements, Ontology",
author = "S. Manzoor and T. Vateva-Gurova and R. Trapero and Neeraj Suri",
year = "2019",
month = jan,
day = "30",
doi = "10.1007/978-3-030-12085-6_6",
language = "English",
isbn = "9783030120849 ",
series = "Lecture Notes in Computer Science",
publisher = "Springer-Verlag",
pages = "61--72",
editor = "A. Fournaris and K. Lampropoulos and {Marin Tordera}, E.",
booktitle = "IOSec 2018",
}
RIS
TY - GEN
T1 - Threat Modeling the Cloud
T2 - An Ontology Based Approach
AU - Manzoor, S.
AU - Vateva-Gurova, T.
AU - Trapero, R.
AU - Suri, Neeraj
PY - 2019/1/30
Y1 - 2019/1/30
N2 - Critical Infrastructures (CIs) such as e-commerce, energy, transportation, defense, monitoring etc., form the basis of the modern ICT society, and these CI’s increasingly utilize ICT services such as the Cloud to provide for scalable, robust and cost-efficient services. Consequently, the resilience of the CI is directly connected with the resilience of the underlying Cloud infrastructure. However, performing a Cloud threat analysis (TA) is a challenging task given the complex interconnection of underlying computing and communication services. Thus, the need is of a comprehensive TA approach that can holistically analyze the relation across system level requirements and Cloud vulnerabilities. We target achieving such a requirement based threat analysis by developing an ontology depicting the relations among actors involved in the Cloud ecosystem. The ontology comprehensively covers requirement specifications, interaction among the Cloud services and vulnerabilities violating the requirements. By mapping the ontology to a design structure matrix, our approach obtains security assessments from varied actor perspectives. We demonstrate the effectiveness of our approach by assessing the security of OpenStack, an open source Cloud platform, covering user requirements and services involved in Cloud operations.
AB - Critical Infrastructures (CIs) such as e-commerce, energy, transportation, defense, monitoring etc., form the basis of the modern ICT society, and these CI’s increasingly utilize ICT services such as the Cloud to provide for scalable, robust and cost-efficient services. Consequently, the resilience of the CI is directly connected with the resilience of the underlying Cloud infrastructure. However, performing a Cloud threat analysis (TA) is a challenging task given the complex interconnection of underlying computing and communication services. Thus, the need is of a comprehensive TA approach that can holistically analyze the relation across system level requirements and Cloud vulnerabilities. We target achieving such a requirement based threat analysis by developing an ontology depicting the relations among actors involved in the Cloud ecosystem. The ontology comprehensively covers requirement specifications, interaction among the Cloud services and vulnerabilities violating the requirements. By mapping the ontology to a design structure matrix, our approach obtains security assessments from varied actor perspectives. We demonstrate the effectiveness of our approach by assessing the security of OpenStack, an open source Cloud platform, covering user requirements and services involved in Cloud operations.
KW - Security systems
KW - Cloud infrastructures
KW - Communication service
KW - Design Structure Matrices
KW - Requirement specification
KW - Security assessment
KW - System-level requirements
KW - Threat modeling
KW - User requirements
KW - Ontology
U2 - 10.1007/978-3-030-12085-6_6
DO - 10.1007/978-3-030-12085-6_6
M3 - Conference contribution/Paper
SN - 9783030120849
T3 - Lecture Notes in Computer Science
SP - 61
EP - 72
BT - IOSec 2018
A2 - Fournaris, A.
A2 - Lampropoulos, K.
A2 - Marin Tordera, E.
PB - Springer-Verlag
CY - Cham
ER -