Abstract

As the usage of the Cloud proliferates, the need for security evaluation of the Cloud also grows. The process of threat modeling and analysis is advocated to assess potential vulnerabilities that can undermine the Cloud security goals. However, given the plethora of distinct services involved in the Cloud ecosystem and the varied attack surfaces entailed in the Cloud-specific architectures, performing threat analysis for the Cloud is a challenging task. Consequently, contemporary Cloud threat analysis approaches, typically using relational security models (e.g., attack graphs, trees, etc.), primarily focus on specific services/layers of the Cloud. Also, these schemes often fail to include the variants of the identified vulnerabilities in their analysis. Hence, a comprehensive threat analysis approach is required that can (a) model and analyze threats across the multi-layer Cloud operational stack, and (b) include variants of the vulnerabilities in the threat analysis procedure. We aim to achieve a holistic Cloud threat analysis by designing a novel multi-layer Cloud model, using Petri Nets, to comprehensively profile the operational behavior of the services involved in the Cloud operations. We subsequently conduct threat modeling to identify threats within and across the different layers of the Cloud operations. Our proposed threat analysis approach also investigates the variants of the potential vulnerabilities to comprehensively infer the Cloud attack surface.
