DOI: 10.1145/2446224.2446229
research-article

Cloud risk analysis by textual models

Published: 02 October 2012

Abstract

The development of secure software systems relies strongly on the availability of a known risk profile. In cloud computing, such a known risk profile does not yet exist, resulting in highly insecure cloud deployments. In this paper, we propose a textual modeling language for cloud deployments that makes it possible to derive a risk profile through a risk analysis based on stable model semantics.

Published In

MDHPCL '12: Proceedings of the 1st International Workshop on Model-Driven Engineering for High Performance and CLoud computing
October 2012
42 pages
ISBN: 9781450318105
DOI: 10.1145/2446224

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. cloud computing
2. domain modeling
3. domain specific languages
4. risk analysis
5. textual modeling

Conference

MODELS '12
