EEMCS

Home > Publications
Home University of Twente
Education
Research
Prospective Students
Jobs
Publications
Intranet (internal)
 
 Nederlands
 Contact
 Search
 Organisation

EEMCS EPrints Service


24074 Defining the cloud battlefield - supporting security assessments by cloud customers
Home Policy Brochure Browse Search User Area Contact Help

Bleikertz, S. and Mastelic, T. and Pape, S. and Pieters, W. and Dimkov, T. (2013) Defining the cloud battlefield - supporting security assessments by cloud customers. In: International Conference on Cloud Engineering (IC2E 2013), 25-27 Mar 2013 , Redwood City, CA . pp. 78-87. IEEE Computer Society. ISBN 978-1-4673-6473-7

Full text available as:

PDF
- Univ. of Twente only
582 Kb

Official URL: http://dx.doi.org/10.1109/IC2E.2013.31

Exported to Metis

Abstract

Cloud computing is becoming more and more popular, but security concerns overshadow its technical and economic benefits. In particular, insider attacks and malicious insiders are considered as one of the major threats and risks in cloud computing. As physical boundaries disappear and a variety of parties are involved in cloud services, it is becoming harder to define a security perimeter that divides insiders from outsiders, therefore making security assessments by cloud customers more difficult. In this paper, we propose a model that combines a comprehensive system model of infrastructure clouds with a security model that captures security requirements of cloud customers as well as characteristics of attackers. This combination provides a powerful tool for systematically analyzing attacks in cloud environments, supporting cloud customers in their security assessment by providing a better understanding of existing attacks and threats. Furthermore, we use the model to construct "what-if" scenarios that could possible lead to new attacks and to raise concerns about unknown threats among cloud customers.

Item Type:Conference or Workshop Paper (Full Paper, Talk)
Research Group:EWI-DIES: Distributed and Embedded Security
Research Program:UT-CST: Crime Science Twente, CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project:TREsPASS: Technology-supported Risk Estimation By Predictive Assessment Of Socio-technical Security
Additional Information:Foreground = 10%; Type of activity = Conference; Main leader = IBM; Type of audience = scientific community; Size of audience = 30; Countries addressed = international;
ID Code:24074
Status:Published
Deposited On:11 December 2013
Refereed:Yes
International:Yes
More Information:statisticsmetis

Export this item as:

To request a copy of the PDF please email us request copy

To correct this item please ask your editor

Repository Staff Only: edit this item