Risk Analysis Automation Process in IT Security for Cloud Applications / Granata, D.; Rak, M.; Salzillo, G.. - 1607:(2022), pp. 47-68. [10.1007/978-3-031-21637-4_3]

Risk Analysis Automation Process in IT Security for Cloud Applications

Granata D.; Rak M.
2022

Abstract

Modern Secure Development Life Cycles recognize the need to (i) perform a risk assessment that identifies the threats a system faces and (ii) apply a risk rating procedure that prioritizes development and maintenance activities. However, such processes are rarely applied in the development of Cloud-based applications because of the cost (money and time) they imply. This article addresses this issue by proposing a technique, compatible with Security-By-Design development methodologies, that automates the threat modeling and risk evaluation of a system, reducing costs and requiring only a limited set of security skills from developers. With the proposed approach, the software system is analyzed to identify the threats affecting its assets, the level of risk associated with each threat is ranked, and a set of countermeasures is suggested in standard terms; the process requires minimal user interaction. The proposed technique was implemented in a dedicated tool and validated against a simple case study.
Files in this record:

File: CLOSER_ESTESO_2021.pdf
Availability: not available
License: not specified
Size: 391.17 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11588/986046
Citations
  • Scopus 8