Defining the cloud battlefield - supporting security assessments by cloud customers

Sören Bleikertz; Toni Mastelic; Sebastian Pape; Wolter Pieters; T. Dimkov

doi:10.1109/IC2E.2013.31

Defining the cloud battlefield - supporting security assessments by cloud customers

Sören Bleikertz, Toni Mastelic, Sebastian Pape, Wolter Pieters, T. Dimkov

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

9 Citations (Scopus)

1 Downloads (Pure)

Abstract

Cloud computing is becoming more and more popular, but security concerns overshadow its technical and economic benefits. In particular, insider attacks and malicious insiders are considered as one of the major threats and risks in cloud computing. As physical boundaries disappear and a variety of parties are involved in cloud services, it is becoming harder to define a security perimeter that divides insiders from outsiders, therefore making security assessments by cloud customers more difficult. In this paper, we propose a model that combines a comprehensive system model of infrastructure clouds with a security model that captures security requirements of cloud customers as well as characteristics of attackers. This combination provides a powerful tool for systematically analyzing attacks in cloud environments, supporting cloud customers in their security assessment by providing a better understanding of existing attacks and threats. Furthermore, we use the model to construct "what-if" scenarios that could possible lead to new attacks and to raise concerns about unknown threats among cloud customers.

Original language	Undefined
Title of host publication	International Conference on Cloud Engineering (IC2E 2013)
Place of Publication	Piscataway, New Jersey
Publisher	IEEE
Pages	78-87
Number of pages	10
ISBN (Print)	978-1-4673-6473-7
DOIs	https://doi.org/10.1109/IC2E.2013.31
Publication status	Published - Mar 2013
Event	International Conference on Cloud Engineering, IC2E 2013 - Redwood City, CA, USA Duration: 25 Mar 2013 → 27 Mar 2013

Publication series

Name
Publisher	IEEE Computer Society

Conference

Conference	International Conference on Cloud Engineering, IC2E 2013
Period	25/03/13 → 27/03/13
Other	25-27 March 2013

Keywords

EWI-24074
SCS-Cybersecurity
EC Grant Agreement nr.: FP7/2007-2013
METIS-302561
EC Grant Agreement nr.: FP7/257243
EC Grant Agreement nr.: FP7/318003
IR-88139
EC Grant Agreement nr.: FP7/261696

Access to Document

10.1109/IC2E.2013.31

http://eprints.eemcs.utwente.nl/secure2/24074/01/06529271.pdf

Cite this

@inproceedings{a2f0cb439a3749c89eb2f14a8ae8c3a0,

title = "Defining the cloud battlefield - supporting security assessments by cloud customers",

abstract = "Cloud computing is becoming more and more popular, but security concerns overshadow its technical and economic benefits. In particular, insider attacks and malicious insiders are considered as one of the major threats and risks in cloud computing. As physical boundaries disappear and a variety of parties are involved in cloud services, it is becoming harder to define a security perimeter that divides insiders from outsiders, therefore making security assessments by cloud customers more difficult. In this paper, we propose a model that combines a comprehensive system model of infrastructure clouds with a security model that captures security requirements of cloud customers as well as characteristics of attackers. This combination provides a powerful tool for systematically analyzing attacks in cloud environments, supporting cloud customers in their security assessment by providing a better understanding of existing attacks and threats. Furthermore, we use the model to construct {"}what-if{"} scenarios that could possible lead to new attacks and to raise concerns about unknown threats among cloud customers.",

keywords = "EWI-24074, SCS-Cybersecurity, EC Grant Agreement nr.: FP7/2007-2013, METIS-302561, EC Grant Agreement nr.: FP7/257243, EC Grant Agreement nr.: FP7/318003, IR-88139, EC Grant Agreement nr.: FP7/261696",

author = "S{\"o}ren Bleikertz and Toni Mastelic and Sebastian Pape and Wolter Pieters and T. Dimkov",

note = "Foreground = 10%; Type of activity = Conference; Main leader = IBM; Type of audience = scientific community; Size of audience = 30; Countries addressed = international;; International Conference on Cloud Engineering, IC2E 2013 ; Conference date: 25-03-2013 Through 27-03-2013",

year = "2013",

month = mar,

doi = "10.1109/IC2E.2013.31",

language = "Undefined",

isbn = "978-1-4673-6473-7",

publisher = "IEEE",

pages = "78--87",

booktitle = "International Conference on Cloud Engineering (IC2E 2013)",

address = "United States",

}

TY - GEN

T1 - Defining the cloud battlefield - supporting security assessments by cloud customers

AU - Bleikertz, Sören

AU - Mastelic, Toni

AU - Pape, Sebastian

AU - Pieters, Wolter

AU - Dimkov, T.

N1 - Foreground = 10%; Type of activity = Conference; Main leader = IBM; Type of audience = scientific community; Size of audience = 30; Countries addressed = international;

PY - 2013/3

Y1 - 2013/3

N2 - Cloud computing is becoming more and more popular, but security concerns overshadow its technical and economic benefits. In particular, insider attacks and malicious insiders are considered as one of the major threats and risks in cloud computing. As physical boundaries disappear and a variety of parties are involved in cloud services, it is becoming harder to define a security perimeter that divides insiders from outsiders, therefore making security assessments by cloud customers more difficult. In this paper, we propose a model that combines a comprehensive system model of infrastructure clouds with a security model that captures security requirements of cloud customers as well as characteristics of attackers. This combination provides a powerful tool for systematically analyzing attacks in cloud environments, supporting cloud customers in their security assessment by providing a better understanding of existing attacks and threats. Furthermore, we use the model to construct "what-if" scenarios that could possible lead to new attacks and to raise concerns about unknown threats among cloud customers.

AB - Cloud computing is becoming more and more popular, but security concerns overshadow its technical and economic benefits. In particular, insider attacks and malicious insiders are considered as one of the major threats and risks in cloud computing. As physical boundaries disappear and a variety of parties are involved in cloud services, it is becoming harder to define a security perimeter that divides insiders from outsiders, therefore making security assessments by cloud customers more difficult. In this paper, we propose a model that combines a comprehensive system model of infrastructure clouds with a security model that captures security requirements of cloud customers as well as characteristics of attackers. This combination provides a powerful tool for systematically analyzing attacks in cloud environments, supporting cloud customers in their security assessment by providing a better understanding of existing attacks and threats. Furthermore, we use the model to construct "what-if" scenarios that could possible lead to new attacks and to raise concerns about unknown threats among cloud customers.

KW - EWI-24074

KW - SCS-Cybersecurity

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - METIS-302561

KW - EC Grant Agreement nr.: FP7/257243

KW - EC Grant Agreement nr.: FP7/318003

KW - IR-88139

KW - EC Grant Agreement nr.: FP7/261696

U2 - 10.1109/IC2E.2013.31

DO - 10.1109/IC2E.2013.31

M3 - Conference contribution

SN - 978-1-4673-6473-7

SP - 78

EP - 87

BT - International Conference on Cloud Engineering (IC2E 2013)

PB - IEEE

CY - Piscataway, New Jersey

T2 - International Conference on Cloud Engineering, IC2E 2013

Y2 - 25 March 2013 through 27 March 2013

ER -