Tools for modeling and analysis of risks in the cloud computing environment

Authors

  • I.F. Aulov
  • K.E. Lisickiy

DOI:

https://doi.org/10.30837/rt.2018.4.195.13

Keywords:

threat modeling, cloud computing, risk analysis

Abstract

This article focuses on tools that can be used to model and analyze risks in a cloud computing environment. The article discusses free open source software: OWASP Threat Dragon, CAIRIS, Mozilla Seasponge and commercial with closed code: Microsoft Threat Modeling Tool, RiskWatch, vsRisk, as well as an analysis of its advantages and disadvantages. The article proposes requirements for modeling programs and risk analysis in the cloud computing environment. Based on the compliance assessment, a comparison was made of existing software, which resulted in the determination that although the Microsoft Threat Modeling Tool does not fully comply with them, it is currently the best for modeling and analyzing risks in the clouds.

References

OWASP Threat Dragon [Електронний ресурс]. Режим доступу: https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project.

OWASP Threat Dragon on Github [Електронний ресурс]. Режим доступу: https://github.com/mike-goodwin/owasp-threat-dragon-desktop.

The Open Web Application Security Project (OWASP) Електронний ресурс]. Режим доступу: https://www.owasp.org.

CAIRIS [Електронний ресурс]. Режим доступу: https://cairis.org/.

CAIRIS [Електронний ресурс]. https://github.com/failys/cairis.

Mozilla launches free, online threat modelling tool [Електронний ресурс]. Режим доступу: https://siliconangle.com/blog/2015/04/01/mozilla-launches-free-online-threat-modelling-tool/.

Microsoft Threat Modeling Tool [Електронний ресурс]. Режим доступу: https://docs.microsoft.com/en-us/azure/security/azure-security-threat-modeling-tool.

Threat Modeling [Електронний ресурс]. Режим доступу: https://msdn.microsoft.com/en-us/library/ff648644.aspx.

RiskWatch technical specifications [Електронний ресурс]. Режим доступу: http://www.riskwatch.com/wp-content/uploads/2014/05/SWDataSheet.pdf.

RiskWatch [Електронний ресурс]. Режим доступу: http://www.riskwatch.com/.

vsRisk [Електронний ресурс]. Режим доступу: https://www.vigilantsoftware.co.uk/product/vsrisk-standalone.

Published

2018-12-28

How to Cite

Aulov, I., & Lisickiy, K. (2018). Tools for modeling and analysis of risks in the cloud computing environment. Radiotekhnika, 4(195), 138–143. https://doi.org/10.30837/rt.2018.4.195.13

Issue

Section

Articles