Rights statement: © ACM, 2022. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, http://doi.acm.org/10.1145/3548606.3563515
Accepted author manuscript, 644 KB, PDF document
Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License
Final published version
Research output: Contribution to conference - Without ISBN/ISSN › Poster › peer-review
Research output: Contribution to conference - Without ISBN/ISSN › Poster › peer-review
}
TY - CONF
T1 - Poster: Multi-Layer Threat Analysis of the Cloud
AU - Manzoor, Salman
AU - Gouglidis, Antonios
AU - Bradbury, Matthew
AU - Suri, Neeraj
N1 - © ACM, 2022. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, http://doi.acm.org/10.1145/3548606.3563515
PY - 2022/11/7
Y1 - 2022/11/7
N2 - A variety of Threat Analysis (TA) techniques exist that typically target exploring threats to discrete assets (e.g., services, data, etc.) and reveal potential attacks pertinent to these assets. Furthermore, these techniques assume that the interconnection among the assets is static. However, in the Cloud, resources can instantiate or migrate across physical hosts at run-time, thus making the Cloud a dynamic environment. Additionally, the number of attacks targeting multiple assets/layers emphasizes the need for threat analysis approaches developed for Cloud environments. Therefore, this proposal presents a novel threat analysis approach that specifically addresses multi-layer attacks. The proposed approach facilitates threat analysis by developing a technology-agnostic information flow model. It contributes to exploring a threat's propagation across the operational stack of the Cloud and, consequently, holistically assessing the security of the Cloud.
AB - A variety of Threat Analysis (TA) techniques exist that typically target exploring threats to discrete assets (e.g., services, data, etc.) and reveal potential attacks pertinent to these assets. Furthermore, these techniques assume that the interconnection among the assets is static. However, in the Cloud, resources can instantiate or migrate across physical hosts at run-time, thus making the Cloud a dynamic environment. Additionally, the number of attacks targeting multiple assets/layers emphasizes the need for threat analysis approaches developed for Cloud environments. Therefore, this proposal presents a novel threat analysis approach that specifically addresses multi-layer attacks. The proposed approach facilitates threat analysis by developing a technology-agnostic information flow model. It contributes to exploring a threat's propagation across the operational stack of the Cloud and, consequently, holistically assessing the security of the Cloud.
U2 - 10.1145/3548606.3563515
DO - 10.1145/3548606.3563515
M3 - Poster
SP - 3419
EP - 3421
T2 - ACM Conference on Computer and Communications Security
Y2 - 7 November 2022 through 11 November 2022
ER -