Towards a Cloud-Based Ontology for Service Model Security -- Technical Report

TL;DR

This paper proposes a cloud-based ontology linking cloud service components to improve transparency, vulnerability tracking, and security management across different cloud service models.

Contribution

It introduces an open-source ontology that maps cloud service components, enhancing security visibility and vulnerability management in cloud environments.

Findings

Ontology enables detailed tracking of vulnerabilities at sub-component level

Improves transparency and security management for cloud services

Open-source source code available on GitHub

Abstract

The adoption of cloud computing has brought significant advancements in the operational models of businesses. However, this shift also brings new security challenges by expanding the attack surface. The offered services in cloud computing have various service models. Each cloud service model has a defined responsibility divided based on the stack layers between the service user and their cloud provider. Regardless of its service model, each service is constructed from sub-components and services running on the underlying layers. In this paper, we aim to enable more transparency and visibility by designing an ontology that links the provider's services with the sub-components used to deliver the service. Such breakdown for each cloud service sub-components enables the end user to track the vulnerabilities on the service level or one of its sub-components. Such information can result in a better understanding and management of reported vulnerabilities on the sub-components level and their impact on the offered services by the cloud provider. Our ontology and source code are published as an open-source and accessible via GitHub: \href{https://github.com/mohkharma/cc-ontology}{mohkharma/cc-ontology}