Rights statement: © ACM, 2022. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, http://doi.acm.org/10.1145/3548606.3563515
Accepted author manuscript, 644 KB, PDF document
Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License
Final published version
Research output: Contribution to conference - Without ISBN/ISSN › Poster › peer-review
| Publication date | 7/11/2022 |
|---|---|
| Number of pages | 3 |
| Pages | 3419-3421 |
| <mark>Original language</mark> | English |
| Event | ACM Conference on Computer and Communications Security - Los Angeles, United States Duration: 7/11/2022 → 11/11/2022 https://www.sigsac.org/ccs/CCS2022/ |
| Conference | ACM Conference on Computer and Communications Security |
|---|---|
| Abbreviated title | CCS |
| Country/Territory | United States |
| City | Los Angeles |
| Period | 7/11/22 → 11/11/22 |
| Internet address |
A variety of Threat Analysis (TA) techniques exist that typically target exploring threats to discrete assets (e.g., services, data, etc.) and reveal potential attacks pertinent to these assets. Furthermore, these techniques assume that the interconnection among the assets is static. However, in the Cloud, resources can instantiate or migrate across physical hosts at run-time, thus making the Cloud a dynamic environment. Additionally, the number of attacks targeting multiple assets/layers emphasizes the need for threat analysis approaches developed for Cloud environments. Therefore, this proposal presents a novel threat analysis approach that specifically addresses multi-layer attacks. The proposed approach facilitates threat analysis by developing a technology-agnostic information flow model. It contributes to exploring a threat's propagation across the operational stack of the Cloud and, consequently, holistically assessing the security of the Cloud.