Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
TY - GEN
T1 - Threat modeling and analysis for the cloud ecosystem
AU - Manzoor, S.
AU - Zhang, H.
AU - Suri, Neeraj
AU - J., Li
AU - A., Chandra
AU - T., Guo
AU - Y., Cai
PY - 2018/4/17
Y1 - 2018/4/17
AB - As the usage of the Cloud proliferates, the need for security evaluation of the Cloud also grows. The process of threat modeling and analysis is advocated to assess potential vulnerabilities that can undermine the Cloud security goals. However, given the plethora of distinct services involved in the Cloud ecosystem and the varied attack surfaces entailed in the Cloud-specific architectures, performing threat analysis for the Cloud is a challenging task. Consequently, contemporary Cloud threat analysis approaches, typically using relational security models (e.g., attack graphs, trees...), primarily focus on specific services/layers of the Cloud. Also, these schemes often fail to include the variants of the identified vulnerabilities in their analysis. Hence, a comprehensive threat analysis approach is required that can (a) model and analyze threats across the multilayer Cloud operational stack, and (b) include variants of the vulnerabilities in the threat analysis procedure. We target achieving a holistic Cloud threat analysis by designing a novel multi-layer Cloud model, using Petri Nets, to comprehensively profile the operational behavior of the services involved in the Cloud operations. We subsequently conduct threat modeling to identify threats within and across the different layers of the Cloud operations. Our proposed threat analysis approach also investigates the variants of the potential vulnerabilities to comprehensively infer the Cloud attack surface. © 2018 IEEE.
KW - Cloud model
KW - Cloud security
KW - Petri nets
KW - Threat modeling
KW - Cloud computing
KW - Trees (mathematics)
KW - Cloud ecosystems
KW - Cloud modeling
KW - Cloud securities
KW - Different layers
KW - Multi-layer clouds
KW - Operational behavior
KW - Security evaluation
KW - Ecosystems
U2 - 10.1109/IC2E.2018.00056
DO - 10.1109/IC2E.2018.00056
M3 - Conference contribution/Paper
SP - 278
EP - 281
BT - 2018 IEEE International Conference on Cloud Engineering (IC2E)
PB - IEEE
ER -