Finding risk patterns in cloud system models

The risk of unauthorized access to confidential data is a major problem in cloud computing. In previous work, the notion of risk patterns was introduced to capture configurations of cloud systems that are prone to data protection issues. In this paper, we devise a program for the automatic detection of risk patterns in cloud system models. Our program makes use of the Eclipse Modeling Framework, the model transformation library Henshin, and the modeling workbench Sirius to (i) enable security experts to describe cloud risk patterns in a compact way, (ii) enable the efficient automatic detection of risk patterns in the model of a cloud system, and (iii) support cloud experts in experimenting with the security implications of different cloud configurations. A case study and experiments demonstrate the applicability and scalability of the proposed approach.