Cloud computing is a fast-emerging technology. It is an attractive system for companies and has been embraced by many due to its benefits of economy, reliability, scalability, and guaranteed quality of service. Due to the increasing use of cloud platforms, it is important to be able to ensure its security. One way of assessing security in a cloud platform is to use threat modeling and attack graphs. But to assess the security in a cloud platform with the help of threat modeling could be challenging due to big and complex IT-system which are hard to overlook and gather relevant information about. One way to simplify this task is by simulating cyber attacks. By using attack simulations it makes the threat modeling to an easier process as the need to find weaknesses of the system is passed over to the domain-specific language and the attack simulations.
In this thesis, the Meta Attack Language will be used to create a domain-specific probabilistic modeling language, StackLang, used to simulate attacks against OpenStack environments. The result of the simulations will show the most probable attack scenario one attacker could make, and which assets of the system that are most probable to be compromised. The aim of the thesis was to investigate which attacks that were possible to simulate through StackLang. To investigate this, two literature studies were conducted to first understand the components of OpenStack and secondly to discover the attacks. The results show that it is possible to simulate some of the most common attacks against cloud platforms, such as DoS-attacks and account hijacking. In terms of the completeness and correctness of the language, it is shown that further work needs to be done to extend StackLang to improve these aspects.