Tool-based Risk Assessment of Cloud Infrastructures as Socio-Technical Systems

Michael Nidd, Marieta Georgieva Ivanova, Christian W. Probst, Axel Tanner

Research output: Chapter in Book/Report/Conference proceedingBook chapterResearchpeer-review

279 Downloads (Pure)

Abstract

Assessing risk in cloud infrastructures is difficult. Typical cloud infrastructures contain potentially thousands of nodes that are highly interconnected and dynamic. Another important component is the set of human actors who get access to data and computing infrastructure. The cloud infrastructure therefore constitutes a socio-technical system. Attacks on socio-technical systems are still mostly identified through expert brainstorming. However, formal risk assessment for systems including human actors requires modeling human behavior, which is difficult at best. In this chapter, we present a modeling exercise for cloud infrastructures using the socio-technical model developed in the TRESPASS project; after showing how to model typical components of a cloud infrastructure, we show how attacks are identified on this model and discuss their connection to risk assessment. The technical part of the model is extracted automatically from the configuration of the cloud infrastructure, which is especially important for systems so dynamic and complex.
Original languageEnglish
Title of host publicationThe Cloud Security Ecosystem: Technical, Legal, Business and Management Issues
PublisherElsevier
Publication date2015
Pages495-517
Chapter22
ISBN (Print)978-0-12-801595-7
DOIs
Publication statusPublished - 2015

Cite this

Nidd, M., Ivanova, M. G., Probst, C. W., & Tanner, A. (2015). Tool-based Risk Assessment of Cloud Infrastructures as Socio-Technical Systems. In The Cloud Security Ecosystem: Technical, Legal, Business and Management Issues (pp. 495-517). Elsevier. https://doi.org/10.1016/B978-0-12-801595-7.00022-7