Talks and Poster Presentations (with Proceedings-Entry):
S. Bleikertz, T. Mastelic, S. Pape, W. Pieters, T. Dimkov:
"Defining the Cloud Battlefield - Supporting Security Assessments by Cloud Customers";
Talk: IEEE International Conference on Cloud Engineering, IC2E 2013,
San Francisco, California, USA;
03-25-2013
- 03-28-2013; in: "Proceedings of the IEEE International Conference on Cloud Engineering, IC2E 2013",
R. Campbell, H. Lei, V. Markl (ed.);
IEEE Computer Society,
(2013),
ISBN: 978-0-7695-4945-3;
78
- 87.
English abstract:
Cloud computing is becoming more and more popular,
but security concerns overshadow its technical and economic
benefits. In particular, insider attacks and malicious insiders
are considered as one of the major threats and risks in cloud
computing. As physical boundaries disappear and a variety of
parties are involved in cloud services, it is becoming harder to
define a security perimeter that divides insiders from outsiders,
therefore making security assessments by cloud customers more
difficult.
In this paper, we propose a model that combines a comprehensive
system model of infrastructure clouds with a security
model that captures security requirements of cloud customers as
well as characteristics of attackers. This combination provides
a powerful tool for systematically analyzing attacks in cloud
environments, supporting cloud customers in their security assessment
by providing a better understanding of existing attacks
and threats. Furthermore, we use the model to construct "whatif"
scenarios that could possible lead to new attacks and to raise
concerns about unknown threats among cloud customers.
"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
http://dx.doi.org/10.1109/IC2E.2013.31
Created from the Publication Database of the Vienna University of Technology.