English

Towards a Cloud-Based Ontology for Service Model Security -- Technical Report

Cryptography and Security 2023-08-15 v1

Abstract

The adoption of cloud computing has brought significant advancements in the operational models of businesses. However, this shift also brings new security challenges by expanding the attack surface. The offered services in cloud computing have various service models. Each cloud service model has a defined responsibility divided based on the stack layers between the service user and their cloud provider. Regardless of its service model, each service is constructed from sub-components and services running on the underlying layers. In this paper, we aim to enable more transparency and visibility by designing an ontology that links the provider's services with the sub-components used to deliver the service. Such breakdown for each cloud service sub-components enables the end user to track the vulnerabilities on the service level or one of its sub-components. Such information can result in a better understanding and management of reported vulnerabilities on the sub-components level and their impact on the offered services by the cloud provider. Our ontology and source code are published as an open-source and accessible via GitHub: \href{https://github.com/mohkharma/cc-ontology}{mohkharma/cc-ontology}

Keywords

Cite

@article{arxiv.2308.07096,
  title  = {Towards a Cloud-Based Ontology for Service Model Security -- Technical Report},
  author = {Mohammed Kharma and Ahmed Sabbah and Mustafa Jarrar},
  journal= {arXiv preprint arXiv:2308.07096},
  year   = {2023}
}

Comments

8 pages

R2 v1 2026-06-28T11:55:04.611Z