Home > Research > Publications & Outputs > Poster: Multi-Layer Threat Analysis of the Cloud

Electronic data

  • ACM_CCS__ThreatPro_Poster_

    Rights statement: © ACM, 2022. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, http://doi.acm.org/10.1145/3548606.3563515

    Accepted author manuscript, 644 KB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Links

Text available via DOI:

View graph of relations

Poster: Multi-Layer Threat Analysis of the Cloud

Research output: Contribution to conference - Without ISBN/ISSN Posterpeer-review

Published
Publication date7/11/2022
Number of pages3
Pages3419-3421
<mark>Original language</mark>English
EventACM Conference on Computer and Communications Security - Los Angeles, United States
Duration: 7/11/202211/11/2022
https://www.sigsac.org/ccs/CCS2022/

Conference

ConferenceACM Conference on Computer and Communications Security
Abbreviated titleCCS
Country/TerritoryUnited States
CityLos Angeles
Period7/11/2211/11/22
Internet address

Abstract

A variety of Threat Analysis (TA) techniques exist that typically target exploring threats to discrete assets (e.g., services, data, etc.) and reveal potential attacks pertinent to these assets. Furthermore, these techniques assume that the interconnection among the assets is static. However, in the Cloud, resources can instantiate or migrate across physical hosts at run-time, thus making the Cloud a dynamic environment. Additionally, the number of attacks targeting multiple assets/layers emphasizes the need for threat analysis approaches developed for Cloud environments. Therefore, this proposal presents a novel threat analysis approach that specifically addresses multi-layer attacks. The proposed approach facilitates threat analysis by developing a technology-agnostic information flow model. It contributes to exploring a threat's propagation across the operational stack of the Cloud and, consequently, holistically assessing the security of the Cloud.

Bibliographic note

© ACM, 2022. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, http://doi.acm.org/10.1145/3548606.3563515