Threat Modeling the Cloud: An Ontology Based Approach

The work described in this website has been conducted within the project NeCS. This project has received funding from the European Union’s Horizon 2020 (H2020) research and innovation programme under the Grant Agreement no 675320. This website and the content displayed in it do not represent the opinion of the European Union, and the European Union is not responsible for any use that might be made of its content.

Author (ESR): 
Salman Manzoor (Technische Universitaet Darmstadt)
Authors: 
Tsvetoslava Vateva-Gurova
Ruben Trapero
Neeraj Suri

In this paper, we have explored the relation among different actors involved in the Cloud ecosystem to develop an ontology. This ontology is further mapped to a design structure matrix for evaluating threats from varied actors’ perspectives. Our DSM-based threat analysis can be utilized to identify the most critical/influential as well as least critical/influential actor in the Cloud. However, our DSM-based approach is flexible and thus, it can be used to reveal other critical information such as classifying vulnerabilities that achieve a common goal. We believe that by systematically identifying the Cloud vulnerabilities, the CI based on using the Cloud can consequentially be better protected.

Venue: 
IOSec 2018