Threat Modeling the Cloud: An Ontology Based Approach

  • Salman ManzoorEmail author
  • Tsvetoslava Vateva-Gurova
  • Ruben Trapero
  • Neeraj Suri
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11398)


Critical Infrastructures (CIs) such as e-commerce, energy, transportation, defense, monitoring etc., form the basis of the modern ICT society, and these CI’s increasingly utilize ICT services such as the Cloud to provide for scalable, robust and cost-efficient services. Consequently, the resilience of the CI is directly connected with the resilience of the underlying Cloud infrastructure. However, performing a Cloud threat analysis (TA) is a challenging task given the complex interconnection of underlying computing and communication services. Thus, the need is of a comprehensive TA approach that can holistically analyze the relation across system level requirements and Cloud vulnerabilities.

We target achieving such a requirement based threat analysis by developing an ontology depicting the relations among actors involved in the Cloud ecosystem. The ontology comprehensively covers requirement specifications, interaction among the Cloud services and vulnerabilities violating the requirements. By mapping the ontology to a design structure matrix, our approach obtains security assessments from varied actor perspectives. We demonstrate the effectiveness of our approach by assessing the security of OpenStack, an open source Cloud platform, covering user requirements and services involved in Cloud operations.



Research supported in part by grants NECS GA# 675320 and CIPSEC GA# 700378.


  1. 1.
    NIST. National Vulnerability Database.
  2. 2.
    Eppinger, S., Browning, T.: Design Structure Matrix Methods and Applications. MIT Press, Cambridge (2012)CrossRefGoogle Scholar
  3. 3.
    Gebala, D., Eppinger, S.: Methods for analyzing design procedures. In: Proceedings of Design Theory and Methodology, pp. 227–233 (1991)Google Scholar
  4. 4.
    Hernan, S., Lambert, S., Ostwald, T., Shostack, A.: Uncover security design flaws using the STRIDE approach. MSDN Magazine (2006)Google Scholar
  5. 5.
    Hiller, M., Jhumka, A., Suri, N.: An approach for analysing the propagation of data errors in software. In: International Conference on Dependable Systems and Networks, DSN 2001, pp. 161–170. IEEE (2001)Google Scholar
  6. 6.
    Hiller, M., Jhumka, A., Suri, N.: EPIC: profiling the propagation and effect of data errors in software. IEEE Trans. Comput. 53(5), 512–530 (2004)CrossRefGoogle Scholar
  7. 7.
    Kamongi, P., et al.: VULCAN: vulnerability assessment framework for cloud computing. In: Proceedings of IEEE Software Security and Reliability (SERE), pp. 218–226 (2013)Google Scholar
  8. 8.
    Manzoor, S., Luna, J., Suri, N.: AttackDive: diving deep into the cloud ecosystem to explore attack surfaces. In: Proceedings of IEEE Services Computing (SCC), pp. 499–502 (2017)Google Scholar
  9. 9.
    Manzoor, S., Taha, A., Suri, N.: Trust validation of cloud IaaS: a customer-centric approach. In: Proceedings of IEEE Conference on Trust, Security and Privacy in Computing and Communications (Trustcom), pp. 97–104 (2016)Google Scholar
  10. 10.
    Milojičić, D., Llorente, I., Montero, R.: Opennebula: a cloud management tool. IEEE Internet Comput. 15, 11–14 (2011)CrossRefGoogle Scholar
  11. 11.
    Myagmar, S., Lee, A., Yurcik, W.: Threat modeling as a basis for security requirements. In: Symposium on Requirements Engineering for Information Security (SREIS), pp. 1–8 (2005)Google Scholar
  12. 12.
    Nurmi, D., et al.: The eucalyptus open-source cloud-computing system. In: Proceedings of Cluster Computing and the Grid (CCGRID), pp. 124–131 (2009)Google Scholar
  13. 13.
    Oladimeji, E., Supakkul, S., Chung, L.: Security threat modeling and analysis: a goal-oriented approach. In: Proceedings of IEEE International Conference on Software Engineering and Applications (IASTED), pp. 13–15 (2006)Google Scholar
  14. 14.
    Perez-Botero, D., et al.: Characterizing hypervisor vulnerabilities in cloud computing servers. In: Proceedings of the International Workshop on Security in Cloud Computing, pp. 3–10 (2013)Google Scholar
  15. 15.
    Sefraoui, O., Aissaoui, M., Eleuldj, M.: OpenStack: toward an open-source solution for cloud computing. Int. J. Comput. Appl. 55, 38–42 (2012)Google Scholar
  16. 16.
    Swiderski, F., Snyder, W.: Threat Modeling. Microsoft Press (2004)Google Scholar
  17. 17.
    Tsai, H., et al.: Threat as a service?: virtualization’s impact on cloud security. IT Prof. 14, 32–37 (2012)CrossRefGoogle Scholar
  18. 18.
    Walter, C.J., Suri, N., Hugue, M.M.: Continual on-line diagnosis of hybrid faults. In: Cristian, F., Le Lann, G., Lunt, T. (eds.) Dependable Computing for Critical Applications 4. DEPENDABLECOMP, vol. 9, pp. 233–249. Springer, Vienna (1995). Scholar
  19. 19.
    Wang, J.A., Guo, M.: Security data mining in an ontology for vulnerability management. In: Proceedings of IEEE Bioinformatics, Systems Biology and Intelligent Computing (IJCBS), pp. 597–603 (2009)Google Scholar
  20. 20.
    Wang, P., Lin, W.-H., Kuo, P.-T., Lin, H.-T., Wang, T.C.: Threat risk analysis for cloud security based on attack-defense trees. In: Proceedings of Computing Technology and Information Management (ICCM), pp. 106–111 (2012)Google Scholar
  21. 21.
    Winter, S., Sârbu, C., Suri, N., Murphy, B.: The impact of fault models on software robustness evaluations. In: Proceedings of International Conference on Software Engineering (ICSE), pp. 51–60 (2011)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Salman Manzoor
    • 1
    Email author
  • Tsvetoslava Vateva-Gurova
    • 1
  • Ruben Trapero
    • 2
  • Neeraj Suri
    • 1
  1. 1.Department of Computer ScienceTechnische Universität DarmstadtDarmstadtGermany
  2. 2.Atos Research and InnovationMadridSpain

Personalised recommendations