Özet:

The threat and the intruder models of cloud services and key data management in the cloud were investigated. Based on existing standards, guidelines and publications, systematization of the main information security threats in the cloud was performed, and the formalized threat model and the intruder model for the cloud, which considers the threats to the DC support systems, hardware, hypervisor, virtualized environment, deployed cloud infrastructure, cloud resources, personnel were designed. To protect against emerging threats, it was proposed to use organizational, technical and cryptographic protection methods. In order to formalize the threat model construction process and analyze opportunities of the intruder, the intruder profile was developed. The profile includes the category of persons, the nature of their actions, the level of access and opportunities, the level of familiarization with the system, the methods and tools used and the purpose. The developed threat model of key data includes control elements of the key data in the cloud, connections between them, and the role of the user and the administrator of the cloud DC. As the main protection methods and means for the key data in the cloud, it was proposed to use secure media and cloud storages of keys, cryptographic services and HSM, secure communications, as well as secure cryptographic protocols and cryptographic algorithms. Taking into account the functioning features of the cloud as a method of a preliminary risk assessment and threat classification, it was proposed to use the threat analysis method (TAM). When carrying out a full risk analysis of the existing system, using the CHAZOP method for qualitative assessment and the Bayesian approach if necessary to obtain quantitative indicators is proposed. The research results of the threat and the intruder models may be used in the security and risk examination and assessment of cloud ITS. Author Biography Іван Федорович Аулов, Kharkiv National University of Radio Electronics 16 Lenina ave., Kharkiv, Ukraine, 61166 Postgraduate student Department of Informational security

Anahtar Kelimeler: