Proactive risk and threat simulations in the cloud
Reference number | |
Coordinator | Foreseeti AB |
Funding from Vinnova | SEK 1 895 000 |
Project duration | November 2018 - January 2020 |
Status | Completed |
Venture | Collaboration projects in cybersecurity and digital infrastructure |
Important results from the project
The increasing use of cloud environments has created new opportunities, but also risks. The flexibility and scalability offered by a cloud-based architecture make it difficult to manually map environments, possible vulnerabilities, and potential threats. A clear understanding of the threat landscape is a prerequisite for an effective defense strategy. Our project has developed and tested a prototype for proactive threat simulations in the cloud. The simulated attacks give us important knowledge about how to secure the cloud against threats and prioritize its vulnerabilities.
Expected long term effects
The project has resulted in an improved framework for threat modeling and attack simulations (MAL - Meta Attack Language), a domain-specific language for the cloud, specifically Amazon Web Services (awsLang), and a prototype in which awsLang is used in an efficient and user-friendly way in foreseeti's platform securiCAD, as well as tests of it in large cloud environments at Klarna and validation in external environments (CloudGoat). Foreseeti has been classified as a Selected Technology Partner by Amazon, and the product, securiCAD Vanguard, will soon be released on the Amazon Marketplace.
Approach and implementation
KTH has done research and published the results as open source. Foreseeti has then further developed its platform, adapted to these research results, and the platform has been tested at Klarna. The process was highly iterative, with several rounds of research, development, requirement elicitation, and testing. This arrangement, with few partners and clear roles, has worked well. We have actively made sure that the progress and results have been communicated, which has been noticed in e.g. Computer Sweden and at Amazon events.