STSM – Agnieszka Jakóbik


Name

Agnieszka Jakóbik (Krok)

Affiliation

Cracow University of Technology

Corresponding WG

WG1

Grant research topic

Security in Cloud Environment

Hosting Institution

Department of Computer Science, University of Salerno

Period

04/03/2017 to 13/03/2017

Summary of the scientific report

We selected the most complex and advanced Cloud Computing security assessment methods and the main threats.

 

The Cloud Controls Matrix proposed by the Cloud Security Alliance, which fulfils the ISO 27002/27017/27018 Security Controls norm, was chosen as the broadest list of Cloud security assessment methods. The OWASP Cloud Top 10 Security Risks was chosen as the most up-to-date list of Cloud system threats. Additional methods were chosen from the NIST Cloud Computing Standards Roadmap published by the Working Group of the NIST Cloud Computing Program, Information Technology Laboratory.

We prepared a model based on Stackelberg games, dedicated to automating security assessment in Cloud systems.

The modelling includes:

  • defining the leader of the game (assumed to be the Cloud provider) and the follower of the game (assumed to be an attacker of the Cloud system)
  • selecting the actions for the leader of the game (actions from the Cloud Controls Matrix were proposed) and the follower of the game (actions from the Cloud Top 10 Security Risks)
  • defining utility functions for the leader and the follower
  • defining the aim of the game
  • introducing the mathematical model of the game under different cases, for example a simple model for the follower, adversarial behavior uncertainty, a Bayesian Stackelberg model for the follower, a model for an unknown adversary strategy, and a random walk adversary strategy
  • selecting the tools for solving the game (numerical methods in the form of the Simplex method were chosen) and selecting the tools and environments for implementing the model and preliminary tests: Java and the Matlab environment.
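
The leader/follower structure listed above can be seen on a small game. The following Python sketch is an added example, not code from the report: it assumes a leader with only two actions and constructed payoff values, and it finds the leader's optimal mixed commitment by checking the points where the follower's best response changes, rather than with the Simplex method the report chose.

```python
from fractions import Fraction
from itertools import combinations

# Constructed payoffs (assumption, not from the report).
# Rows: the leader's (Cloud provider's) two actions, e.g. two security controls.
# Columns: the follower's (attacker's) actions, e.g. two risks being exploited.
LEADER = [[2, 4], [1, 3]]
FOLLOWER = [[1, 0], [0, 2]]

def expected(payoff, p, j):
    """Expected payoff in column j when the leader plays row 0 with probability p."""
    return p * payoff[0][j] + (1 - p) * payoff[1][j]

def solve_stackelberg(leader, follower):
    """Strong Stackelberg equilibrium for a leader with two pure actions.

    Returns (p, j, value): probability of leader action 0, the follower's
    best response to that commitment, and the leader's expected utility.
    """
    n = len(leader[0])
    # The follower's best response only changes where two of its expected
    # utilities cross, so the optimum lies at p=0, p=1 or a crossing point.
    candidates = {Fraction(0), Fraction(1)}
    for j, k in combinations(range(n), 2):
        slope = (follower[0][j] - follower[1][j]) - (follower[0][k] - follower[1][k])
        if slope != 0:
            p = Fraction(follower[1][k] - follower[1][j], slope)
            if 0 <= p <= 1:
                candidates.add(p)
    best = None
    for p in sorted(candidates):
        top = max(expected(follower, p, j) for j in range(n))
        for j in range(n):
            # Ties between follower best responses are broken in the leader's favour.
            if expected(follower, p, j) == top:
                value = expected(leader, p, j)
                if best is None or value > best[2]:
                    best = (p, j, value)
    return best

if __name__ == "__main__":
    p, j, value = solve_stackelberg(LEADER, FOLLOWER)
    print(f"leader plays action 0 with probability {p}, "
          f"follower answers with action {j}, leader utility {value}")
```

With these constructed payoffs the best pure commitment gives the leader a utility of 3, while the mixed commitment gives 11/3, which is why the leader's strategy is modelled as a probability distribution over controls.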

 

Personal notes