Requirements-based threat analysis


ESCUDO-CLOUD developed an innovative solution to ascertain data ownership threats in Cloud systems by analyzing the system’s functional requirements. The Requirements-Based Theat Analysis (RBTA) process (see figure) assesses the assumptions (direct or indirect) that underlie a requirement, determines the dependencies across the requirements along with capturing the likelihood and severity of the assumptions getting violated.

 

rbta

 

The viability and effectiveness of the RBTA process was established by its ability to identify specific requirement level threats in the ESCUDO-CLOUD Use Cases. The basic RBTA ideology led to the development of a generalized Cloud threat model that can capture both functional and operational behavior.  The overall innovations covered:

  • Development of a novel dependency analysis schema to capture horizontal and vertical dependencies across requirements and services.
  • Development of a holistic Cloud threat model applicable to diverse Cloud instantiations.
  • Tool support for automation of Cloud threat analysis.

Related Publications