Risk in the Cloud? The Security Analysis of Cloud Applications

GND: 105233167X
LSF: 4333
Heisel, Maritta;
GND: 1026786479
LSF: 10259
Hatebur, Denis;
Affiliation: ITESYS Institut für technische Systeme GmbH, based in Dortmund
Goeke, Ludger;
GND: 1032008415
LSF: 11655
Côté, Isabelle

Cloud customers gain various benefits from using cloud computing services. For example, the costs of operating their own IT infrastructure are eliminated, and the amount of resources used can be flexibly adjusted as needed. However, the use of cloud computing services also entails risks.

We present a structured method for performing risk analysis for cloud applications according to the ISO 27001 standard. Our method relies on patterns to describe the context and structure of a cloud computing system (using CSAP), to identify threats, to elicit the security requirements, and to select controls. Our ClouDA tool supports the application of this method. Our approach delivers the following main benefits:

• Systematic pattern-based identification of threats using threat patterns and their relationship to CSAP elements, which facilitates and accelerates the threat analysis
• Systematic pattern-based identification of security requirements to be fulfilled by appropriate controls using security requirement patterns and their relationship to threat patterns
• Systematic pattern-based identification of controls using their relationship to security requirement patterns
• Tool support for our approach
• Increased effectiveness of risk analysis by applying the method and reduced documentation effort by hierarchical refinement of assets.

In the future, we want to extend the tool to support other types of patterns for performing risk analysis. In addition, we intend to enrich the tool so that it checks the complete and coherent instantiation of the patterns.

Rights

Use and reproduction:
All rights reserved