Accepted author manuscript, 424 KB, PDF document
Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
| Publication date | 23/03/2023 |
|---|---|
| Host publication | 2023 International Conference on Computing, Networking and Communications, ICNC 2023 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 506-510 |
| Number of pages | 5 |
| ISBN (electronic) | 9781665457194 |
| <mark>Original language</mark> | English |
| Event | 2023 International Conference on Computing, Networking and Communications, ICNC 2023 - Honolulu, United States Duration: 20/02/2023 → 22/02/2023 |
| Conference | 2023 International Conference on Computing, Networking and Communications, ICNC 2023 |
|---|---|
| Country/Territory | United States |
| City | Honolulu |
| Period | 20/02/23 → 22/02/23 |
| Name | 2023 International Conference on Computing, Networking and Communications, ICNC 2023 |
|---|
| Conference | 2023 International Conference on Computing, Networking and Communications, ICNC 2023 |
|---|---|
| Country/Territory | United States |
| City | Honolulu |
| Period | 20/02/23 → 22/02/23 |
Threat analysis (TA) is a process to identify, detect, and evaluate security vulnerabilities systematically. Specifically, the TA, which focuses on threats that can potentially violate the customer's data ownership requirements of security and performance, is named Requirement Based Threat Analysis (RBTA). Despite the importance of RBTA, the current manual RBTA process is both time intensive and makes no assurance of completeness of the analysis. Thus, we develop a systematic analytic technique that enumerates customers' requirements and then determines all possible direct/indirect dependencies across them to conduct a generalized threat analysis from their requirements. The approach is validated for its effectiveness on actual Cloud customer requirements and can be generalized to apply to other requirements.