Home > Research > Publications & Outputs > Enabling Multi-Layer Threat Analysis in Dynamic...

Electronic data

  • IEEE_TCC_ThreatPro

    Accepted author manuscript, 1.58 MB, PDF document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License

Links

Text available via DOI:

View graph of relations

Enabling Multi-Layer Threat Analysis in Dynamic Cloud Environments

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Published
<mark>Journal publication date</mark>31/03/2024
<mark>Journal</mark>IEEE Transactions on Cloud Computing
Issue number1
Volume12
Number of pages18
Pages (from-to)319-336
Publication StatusPublished
Early online date13/02/24
<mark>Original language</mark>English

Abstract

Most Threat Analysis (TA) techniques analyze threats to targeted assets (e.g., components, services) by considering static interconnections among them. However, in dynamic environments, e.g., the Cloud, resources can instantiate, migrate across physical hosts, or decommission to provide rapid resource elasticity to its users. Existing TA techniques are not capable of addressing such requirements. Moreover, complex multi-layer/multi-asset attacks on Cloud systems are increasing, e.g., the Equifax data breach; thus, TA approaches must be able to analyze them. This paper proposes ThreatPro, which supports dynamic interconnections and analysis of multi-layer attacks in the Cloud. ThreatPro facilitates threat analysis by developing a technology-agnostic information flow model, representing the Cloud's functionality through conditional transitions. The model establishes the basis to capture the multi-layer and dynamic interconnections during the life cycle of a Virtual Machine. ThreatPro contributes to (1) enabling the exploration of a threat's behavior and its propagation across the Cloud, and (2) assessing the security of the Cloud by analyzing the impact of multiple threats across various operational layers/assets. Using public information on threats from the National Vulnerability Database, we validate ThreatPro's capabilities, i.e., identify and trace actual Cloud attacks and speculatively postulate alternate potential attack paths.