ALCOL : Probabilistic Threat Modelling of the Amazon Elastic Container Service Domain

Sammanfattning: Cloud computing is becoming an increasingly popular computation model for IT-infrastructures which has changed the notion of computing resources. Another concept that has become popular is containers which provides the capability to run applications isolated from each other while sharing the host’s operating system kernel. These two concepts have been combined to run containerised environments in the cloud, a cloud service type which has become popular among customers. The increased deployment of IT-infrastructures built on cloud environments running containers results in an increased exposure to cyber attacks within this domain which requires that proper security measures are taken. Assessing the security of a system can, however, be difficult. Attack simulations can be used to provide an overview of how an adversary can attack the system to simplify this task. This thesis proposes a probabilistic threat modelling language which can be used to simulate attacks against infrastructures based on Amazon Elastic Container Service (ECS), a cloud service provided by Amazon Web Services which allow customers to run containerised applications in the cloud. The language, called ALCOL (Amazon eLastic COntainer Language), is based on the Meta Attack Language and the domain-specific language AWSLang. The language was developed using multiple literature studies to discover the different components in Amazon ECS that should be modelled in the language, as well as the different attacks possible to perform against Amazon ECS infrastructures. The language was evaluated using test cases representing different attack scenarios and also through an interview with a domain expert. The developed language is able to accurately simulate cyber attacks against Amazon ECS infrastructures, although with some limitations, which lead to propositions for future research.