Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Threat Modeling for Cloud Data Center Infrastructures



Nawaf Alhebaishi, Lingyu Wang, Sushil Jajodia, Anoop Singhal


Cloud computing has undergone rapid expansion throughout the last decade. Many companies and organizations have made the transition from traditional data centers to the cloud due to its flexibility and lower cost. However, traditional data centers are still being relied upon by those who are less certain about the security of cloud. This problem is highlighted by the fact that there only exist limited efforts on threat modeling for cloud data centers. In this paper, we conduct comprehensive threat modeling exercises based on two representative cloud infrastructures using several popular threat modeling methods, including attack surface, attack trees, attack graphs, and security metrics based on attack trees and attack graphs, respectively. Those threat modeling efforts give cloud providers practical lessons and means toward better evaluating, understanding and improving their cloud infrastructures. Our results may also imbed more confidence in potential cloud tenants by providing them a clearer picture about potential threats in cloud infrastructures and corresponding solutions.
Proceedings Title
9th International Conference on Foundations and Practice of Security
Conference Dates
October 24-26, 2016
Conference Location
Quebec City, -1


Security Metrics, Cloud Security, Attack Surface, Attack Graphs, Attack Trees
Created December 29, 2016, Updated November 10, 2018