The cloud use case in TREsPASS can serve as an example exhibiting many challenges: the cloud is situated in multiple spheres of interest: a physical setting with rooms, doors and windows where e.g., physical infrastructure pieces of a cloud environment are situated and where the different actors have access and can move,software-defined virtual parts, like virtual machines (VMs), virtual network and storage,situated in an abstract and completely separate space, or the social space where a distance between actors defines weak or strong relation-ships. At the same time, the physical elements (e.g., servers, network) can range in the tens of thousands, the virtual, software-defined components (e.g., virtual machines) can range in hundreds of thousands. In addition, there is typically a very large number of users of the cloud infrastructure and rather few, but very powerful, administrators. All these elements will interact (cooperating or interacting maliciously) leading to a complex behaviour over time, which leads in effect to a Complex Adaptive System.
Here under are some visualisation examples showing how changes on servers, including VMs can be visualised so that a general vulnerability-score can be read from it.