Secure cloud computing : Risk analysis for secure cloud reference architecture in legal metrology

Abstract

In the field of Legal Metrology, a risk assessment is demanded by European directives for certain measuring instruments. In this paper, a previously published reference cloud architecture will be subjected to such an assessment to demonstrate its suitability for providing adequate software protection. A specially tailored and standardized method is used to identify essential threats and common attack vectors for the reference architecture. With the help of calculated probability score and risk factors, the fulfillment of the essential requirements of the applicable European directives are shown. Furthermore, Attack Probability Trees are applied to more complex scenarios to identify suitable countermeasures to increase the resilience level where necessary.