A Model-Based Systems Engineering Plugin for Cloud Security Architecture Design

Yuri Gil Dantas, Vivek Nigam und Ulrich Schöpp

SN Computer Science, 5(5)

Mai 2024 · DOI: 10.1007/s42979-024-02748-x


Security is one of the biggest concerns for cloud infrastructures. Cloud infrastructures are susceptible to a wide range of threats, including external and internal threats. Without proper security mechanisms, these threats may compromise the security properties of services hosted in the cloud. To secure cloud infrastructures against threats, it is crucial to perform a threat analysis in the early stages of the system development (i.e., during the design of the system architecture). Threat Analysis and Risk Assessment (TARA) is a well-known approach used by researchers and practitioners. TARA consists of several activities, including asset identification, threat scenarios, attack paths, and risk treatment decision. The risk treatment decision activity involves selecting appropriate security measures to mitigate the identified threat scenarios. In the current state of practice, TARA activities are performed manually by engineers, leading to time-consuming processes and potential errors. In our previous article, we proposed a logic programming tool to enable the automation of TARA activities, including the recommendation of cloud-based security measures. This article proposes Security Pattern Synthesis, a Model-Based Systems Engineering (MBSE) plugin for securing cloud architectures. Security Pattern Synthesis is implemented in Java while using the previously proposed logic-programming tool as a backend to reason about the security of the cloud architecture.

Stichworte: Securing cloud architectures, Model-based Systems Engineering, MbSE, Security architecture patterns, Automation, AutoFOCUS3