Proactive risk and threat simulations in the cloud
The increase in use of cloud-based services e.g. Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) - and IT as a service with organizations world-wide has created new opportunities but also created risks. The purpose of the project is to develop a prototype for risk and threat simulations in cloud environments in order to automate risk analyses for prioritization of vulnerabilities and investments in cyber security, enabling a proactive, cost effective way of creating more secure systems.
The project intends to develop a risk and threat simulation language for cloud environments and a tested and verified prototype, capable of generating a digital representation of an organization´s cloud environment that can be subjected to quantitative risk and threat simulations that can be carried out without affecting availability and cost of the actual target environment. With the simulation results, an organization is expected to be able to prioritize vulnerabilities found and quantify cost/benefit of potential future security investments in an effective way.
The project will be using the Meta Attack Language (MAL) as a framework to create a cloudLang. MAL can be found at the MAL-Lang GitHub repo .