Risiko in der Wolke? : Die Sicherheitsanalyse von Cloud-Anwendungen

Heisel, Maritta GND; Hatebur, Denis GND; Goeke, Ludger; Côté, Isabelle GND

Für Cloud-Kund*innen ergeben sich durch die Nutzung von Cloud-Computing-Diensten verschiedene Vorteile. So entfallen beispielsweise die Kosten für den Betrieb einer eigenen IT-Infrastruktur, und der Umfang der genutzten Ressourcen kann je nach Bedarf flexibel angepasst werden. Die Nutzung von Cloud-Computing-Diensten bringt allerdings auch Risiken mit sich.

We present a structured method for performing risk analysis for cloud applications according to the ISO 27001 standard. Our method relies on patterns to describe the context and structure of a cloud computing system (using CSAP), to identify threats, to elicit the security requirements, and to select controls. Our ClouDA tool supports the application of this method. Our approach delivers the following main benefits: • Systematic pattern-based identification of threats using threat patterns and their relationship to CSAP elements, which facilitates and accelerates the threat analysis • Systematic pattern-based identification of security requirements to be fulfilled by appropriate controls using security requirement patterns and their relationship to threat patterns • Systematic pattern-based identification of controls using their relationship to security requirement patterns • Tool support for our approach • Increased effectiveness of risk analysis by applying the method and reduced documentation effort by hierarchical refinement of assets. In the future, we want to extend the tool for supporting other types of patterns for performing risk analysis. In addition, we intend to enrich the tool so as to check the complete and coherent instantiation of the patterns.

Logo

Cite

Citation style:
Heisel, M., Hatebur, D., Goeke, L., Côté, I., 2017. Risiko in der Wolke?: Die Sicherheitsanalyse von Cloud-Anwendungen. Natur-, Ingenieur- und Wirtschaftswissenschaften - High-Performance und Cloud Computing. https://doi.org/10.17185/duepublico/70372
Could not load citation form.

Rights

Use and reproduction:
All rights reserved

Export