Architectural Runtime Models for Privacy Checks of Cloud Applications

Schmieders, Eric; Metzger, Andreas; Pohl, Klaus

doi:10.1109/pesos.2015.11

Cited by 4 publications

(1 citation statement)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similarly to our approach, the work of Schmieders et al also applied modelbased adaptive methods to data protection in the cloud [24,25]. That work, however, is limited to one specific type of privacy goals: geo-location constraints.…”

Section: Model-based Approaches For Cloud Security and Privacymentioning

confidence: 99%

Modeling Data Protection Vulnerabilities of Cloud Systems Using Risk Patterns

Palm

Mann

Metzger

2018

System Analysis and Modeling. Languages, Methods, and Tools for Systems Engineering

Self Cite

View full text Add to dashboard Cite

Ensuring the protection of sensitive data is important for the adoption of cloud services. Cloud systems are becoming increasingly complex and dynamic, leading to various potential scenarios for attackers to get access to sensitive data. To handle such data protection risks, the concept of risk patterns was introduced previously. A risk pattern models a structural fragment of cloud systems that should not appear in the running system because it would lead to high data protection risks. At deployment and at run time, graph pattern matching and dynamic re-configuration methods can be used to ensure that the run-time model of the cloud system contains no instance of the risk patterns. The previous work left it open, however, how and to what extent real data protection vulnerabilities can be modeled in the form of risk patterns. Therefore, this paper focuses on the design of risk patterns based on vulnerabilities described in the literature. Based on an analysis of 87 papers, we determined 45 risk patterns. Our findings (i) demonstrate that risk patterns can indeed capture many of the vulnerabilities described in the cloud literature, (ii) give insight into the typical structure of risk patterns, and (iii) show the limits of the applicability of the risk pattern approach.

show abstract

Section: Model-based Approaches For Cloud Security and Privacymentioning

confidence: 99%