Defining the cloud battlefield - supporting security assessments by cloud customers

Sören Bleikertz, Toni Mastelic, Sebastian Pape, Wolter Pieters, T. Dimkov

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    9 Citations (Scopus)

    Abstract

    Cloud computing is becoming more and more popular, but security concerns overshadow its technical and economic benefits. In particular, insider attacks and malicious insiders are considered as one of the major threats and risks in cloud computing. As physical boundaries disappear and a variety of parties are involved in cloud services, it is becoming harder to define a security perimeter that divides insiders from outsiders, therefore making security assessments by cloud customers more difficult. In this paper, we propose a model that combines a comprehensive system model of infrastructure clouds with a security model that captures security requirements of cloud customers as well as characteristics of attackers. This combination provides a powerful tool for systematically analyzing attacks in cloud environments, supporting cloud customers in their security assessment by providing a better understanding of existing attacks and threats. Furthermore, we use the model to construct "what-if" scenarios that could possible lead to new attacks and to raise concerns about unknown threats among cloud customers.
    Original languageUndefined
    Title of host publicationInternational Conference on Cloud Engineering (IC2E 2013)
    Place of PublicationPiscataway, New Jersey
    PublisherIEEE Computer Society
    Pages78-87
    Number of pages10
    ISBN (Print)978-1-4673-6473-7
    DOIs
    Publication statusPublished - Mar 2013
    EventInternational Conference on Cloud Engineering, IC2E 2013 - Redwood City, CA, USA
    Duration: 25 Mar 201327 Mar 2013

    Publication series

    Name
    PublisherIEEE Computer Society

    Conference

    ConferenceInternational Conference on Cloud Engineering, IC2E 2013
    Period25/03/1327/03/13
    Other25-27 March 2013

    Keywords

    • EWI-24074
    • SCS-Cybersecurity
    • EC Grant Agreement nr.: FP7/2007-2013
    • METIS-302561
    • EC Grant Agreement nr.: FP7/257243
    • EC Grant Agreement nr.: FP7/318003
    • IR-88139
    • EC Grant Agreement nr.: FP7/261696

    Cite this