Tool-based Risk Assessment of Cloud Infrastructures as Socio-Technical Systems

Michael Nidd, Marieta Georgieva Ivanova, Christian W. Probst, Axel Tanner

    Research output: Chapter in Book/Report/Conference proceedingChapterAcademicpeer-review

    2 Citations (Scopus)


    Assessing risk in cloud infrastructures is difficult. Typical cloud infrastructures contain potentially thousands of nodes that are highly interconnected and dynamic. Another important component is the set of human actors who get access to data and computing infrastructure. The cloud infrastructure therefore constitutes a socio-technical system. Attacks on socio-technical systems are still mostly identified through expert brainstorming. However, formal risk assessment for systems including human actors requires modeling human behavior, which is difficult at best. In this chapter, we present a modeling exercise for cloud infrastructures using the socio-technical model developed in the TRESPASS project; after showing how to model typical components of a cloud infrastructure, we show how attacks are identified on this model and discuss their connection to risk assessment. The technical part of the model is extracted automatically from the configuration of the cloud infrastructure, which is especially important for systems so dynamic and complex.
    Original languageEnglish
    Title of host publicationThe Cloud Security Ecosystem
    EditorsRyan Ko, Raymond Choo
    Place of PublicationAmsterdam
    Number of pages23
    ISBN (Print)978-0-12-801595-7
    Publication statusPublished - 3 Jun 2015


    • EC Grant Agreement nr.: FP7/2007-2013
    • EC Grant Agreement nr.: FP7/318003
    • System models
    • Risk assessment
    • Attack trees
    • Cloud computing

    Cite this