CONCEPTUAL FRAMEWORK OF ANALYSIS OF INFORMATION SECURITY MODELS OF CLOUD SYSTEMS OF THE CLASS «INFRASTRUCTURE AS A SERVICE»
https://doi.org/10.35596/1729-7648-2019-124-6-12-20
Abstract
A process, based on the role approach, for synthesizing information security models of cloud computing systems from applied system and threat models is described; the result is a security model expressed, for example, as recommendations for improving information security, or containing elements of the security configuration. An architecture for a system that analyzes information security models of cloud computing systems is proposed. It includes an analysis and modeling subsystem, a knowledge base, and a subsystem for integration with external sources of knowledge. The system is model-oriented (detailed, high-level, applied, synthesized) and involves automatic processing of knowledge in the field of vulnerability management and software configuration. An approach is proposed to the problem of constructing hierarchies of architecture models and threat models, realizing a combined analysis of functions and components.
About the Authors
E. V. Olizarovich
Belarus
PhD, associate professor, head of the Information and Analytical Center
230023, Grodno, Ozheshko str., 22
A. I. Brazhuk
Belarus
Brazhuk Andrei Iosifovich, senior software engineer of the Information and Analytical Center
230023, Grodno, Ozheshko str., 22
For citations:
Olizarovich E.V., Brazhuk A.I. CONCEPTUAL FRAMEWORK OF ANALYSIS OF INFORMATION SECURITY MODELS OF CLOUD SYSTEMS OF THE CLASS «INFRASTRUCTURE AS A SERVICE». Doklady BGUIR. 2019;(6):12-19. (In Russ.) https://doi.org/10.35596/1729-7648-2019-124-6-12-20