Threat Modeling the Cloud: An Ontology Based Approach

Author (ESR): 
Salman Manzoor (Technische Universitaet Darmstadt)
Tsvetoslava Vateva-Gurova
Ruben Trapero
Neeraj Suri

In this paper, we have explored the relation among different actors involved in the Cloud ecosystem to develop an ontology. This ontology is further mapped to a design structure matrix for evaluating threats from varied actors’ perspectives. Our DSM-based threat analysis can be utilized to identify the most critical/influential as well as least critical/influential actor in the Cloud. However, our DSM-based approach is flexible and thus, it can be used to reveal other critical information such as classifying vulnerabilities that achieve a common goal. We believe that by systematically identifying the Cloud vulnerabilities, the CI based on using the Cloud can consequentially be better protected.

IOSec 2018