Modeling Data Protection Vulnerabilities of Cloud Systems Using Risk Patterns.

Ensuring the protection of sensitive data is important for the adoption of cloud services. Cloud systems are becoming increasingly complex and dynamic, leading to various potential scenarios for attackers to get access to sensitive data. To handle such data protection risks, the concept of risk patterns was introduced previously. A risk pattern models a structural fragment of cloud systems that should not appear in the running system because it would lead to high data protection risks. At deployment and at run time, graph pattern matching and dynamic reconfiguration methods can be used to ensure that the run- time model of the cloud system contains no instance of the risk patterns. The previous work left it open, however, how and to what extent real data protection vulnerabilities can be modeled in the form of risk patterns. Therefore, this paper focuses on the design of risk patterns based on vulnerabilities described in the literature. Based on an analysis of 87 papers, we determined 45 risk patterns. Our findings (i) demonstrate that risk patterns can indeed capture many of the vulnerabilities described in the cloud literature, (ii) give insight into the typical structure of risk patterns, and (iii) show the limits of the applicability of the risk pattern approach.