Generating Threat Profiles for Cloud Service Certification Systems

Cloud service certification aims at automatically validating whether a cloud service satisfies a predefined set of requirements. To that end, certification systems collect and evaluate sensitive data from various sources of a cloud service. At the same time, the certification system itself has to be...

Full description

Saved in:
Bibliographic Details
Published in2016 IEEE 17th International Symposium on High Assurance Systems Engineering (HASE) pp. 260 - 267
Main Authors Stephanow, Philipp, Banse, Christian, Schutte, Julian
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.01.2016
Subjects
certification
Cloud computing
cloud services
Engines
Monitoring
Security
threat analysis
Time measurement
Virtual machining
Online AccessGet full text

Cover

More Information
Summary:Cloud service certification aims at automatically validating whether a cloud service satisfies a predefined set of requirements. To that end, certification systems collect and evaluate sensitive data from various sources of a cloud service. At the same time, the certification system itself has to be resilient to attacks to generate trustworthy statements about the cloud service. Thus system architects are faced with the task of assessing the trustworthiness of different certification system designs. To cope with that challenge, we propose a method to model different architecture variants of cloud service certification systems and analyze threats these systems face. By applying our method to a specific cloud service certification system, we show how threats to such systems can be derived in a standardized way that allows us to evaluate different architecture configurations.
ISSN:1530-2059
2640-7507
DOI:10.1109/HASE.2016.43