D2.4 Progress Report on Threat Analysis and Security Requirements

Contributing Partners


Executive Summary 

Absolute security does not exist. In any system, defining security has to start, first, with a threat analysis (attacker profiling) and a definition of the information to protect (and against what); second, with the definition of security policies (how to protect the assets, and which part of the system is in charge of protecting what); and third, with identifying the security limitations of each component or subsystem and implementing countermeasures at the component level or at the system level (adding security features at an upper level to counter weaknesses of the lower levels).
Various methods support this kind of analysis: EBIOS at the system level (identifying risks) [1][2] and Common Criteria at the component level (rating the effective resistance) [3][4]. The objective of this deliverable is to perform a risk analysis of two use cases which are typical of cloud-based services. In the first, an application is hosted by a cloud service provider and sensitive personal data may be manipulated by a third party; in the second, the cloud service provider is the same entity that manages the application offered to customers. These risk analyses are conducted with the EBIOS method, which is dedicated to risk evaluation for information systems. The remaining use cases of the project will be evaluated in deliverable D2.5.
The three core chapters of this deliverable describe the EBIOS methodology and its application to the PRISMACLOUD use cases.

Chapter 4: Description of the EBIOS method
EBIOS is a risk management method, developed and promoted by ANSSI, the French network and information security agency [1][5]. This chapter provides a description of this method that will be applied to the security analysis of the use cases.

Chapter 5: Smart Cities – European disabled badge for public parking areas
The first use case is named “European Disabled Badge for public parking areas”. It offers a service that helps disabled persons find dedicated parking places in a city. It is based on a badge which can be read by a smartphone using NFC technology. The badge ID is used to connect to the centralized application, which is hosted by a cloud service provider [6]. The security of this service relies on the security of the implementation of the application in the smartphone and on the security of the cloud infrastructure provided by a third party. The implementation of this service should prevent illegal use of a badge and must not leak personal data.
The risk analysis identifies a high risk level related to the availability, disclosure or modification of sensitive data. However, the likelihood of the threat scenarios can be reduced significantly if ISO 27002 security measures are implemented. These measures, on the other hand, have no impact on the severity of the security breaches. For instance, as long as sensitive personal data are stored in the cloud, the severity of a disclosure remains critical. One way to reduce the risk further would be to apply cryptographic procedures that avoid the direct storage of these personal data.

Chapter 6: E-Government
The second use case is named “e-Government”. It implements a cloud service for public bodies in the Lombardia region [6]. The security of this service relies mainly on the security offered by the infrastructure controlled by LIPSA. There is thus a difference compared to the previous use case: the cloud provider is also the service provider. The conclusions of the risk analysis are analogous to those derived for the European disabled badge use case.