Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Generating threat profiles for cloud service certification systems

: Stephanow, P.; Banse, C.; Schütte, J.


Babiceanu, R. ; Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
IEEE 17th International Symposium on High Assurance Systems Engineering, HASE 2016. Proceedings : 7-9 January 2016, Orlando, Florida, USA
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2016
ISBN: 978-1-4673-9912-8
International Symposium on High Assurance Systems Engineering (HASE) <17, 2016, Orlando/Fla.>
Fraunhofer AISEC ()

Cloud service certification aims at automatically validating whether a cloud service satisfies a predefined set of requirements. To that end, certification systems collect and evaluate sensitive data from various sources of a cloud service. At the same time, the certification system itself has to be resilient to attacks to generate trustworthy statements about the cloud service. Thus system architects are faced with the task of assessing the trustworthiness of different certification system designs. To cope with that challenge, we propose a method to model different architecture variants of cloud service certification systems and analyze threats these systems face. By applying our method to a specific cloud service certification system, we show how threats to such systems can be derived in a standardized way that allows us to evaluate different architecture configurations.