Home > Research > Publications & Outputs > ThreatPro

Links

Text available via DOI:

View graph of relations

ThreatPro: Multi-Layer Threat Analysis in the Cloud

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Published

Standard

ThreatPro: Multi-Layer Threat Analysis in the Cloud. / Manzoor, Salman; Gouglidis, Antonios; Bradbury, Matthew et al.
In: arXiv, Vol. abs/2209.14795, 29.09.2022.

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Harvard

APA

Vancouver

Manzoor S, Gouglidis A, Bradbury M, Suri N. ThreatPro: Multi-Layer Threat Analysis in the Cloud. arXiv. 2022 Sept 29;abs/2209.14795. doi: 10.48550/arXiv.2209.14795

Author

Bibtex

@article{aeb3c691419d44e893f83b5b90d8be37,
title = "ThreatPro: Multi-Layer Threat Analysis in the Cloud",
abstract = "Many effective Threat Analysis (TA) techniques exist that focus on analyzing threats to targeted assets (e.g., components, services). These techniques consider static interconnections among the assets. However, in dynamic environments, such as the Cloud, resources can instantiate, migrate across physical hosts, or decommission to provide rapid resource elasticity to the users. It is evident that existing TA techniques cannot address all these requirements. In addition, there is an increasing number of complex multi-layer/multi-asset attacks on Cloud systems, such as the Equifax data breach. Hence, there is a need for threat analysis approaches that are designed to analyze threats in complex, dynamic, and multi-layer Cloud environments. In this paper, we propose ThreatPro that addresses the analysis of multi-layer attacks and supports dynamic interconnections in the Cloud. ThreatPro facilitates threat analysis by developing a technology-agnostic information flow model, which represents the Cloud's functionality through a set of conditional transitions. The model establishes the basis to capture the multi-layer and dynamic interconnections during the life-cycle of a Virtual Machine (VM). Specifically, ThreatPro contributes in (a) enabling the exploration of a threat's behavior and its propagation across the Cloud, and (b) assessing the security of the Cloud by analyzing the impact of multiple threats across various operational layers/assets. Using public information on threats from the National Vulnerability Database (NVD), we validate ThreatPro's capabilities, i.e., (a) identify and trace actual Cloud attacks and (b) speculatively postulate alternate potential attack paths.",
author = "Salman Manzoor and Antonios Gouglidis and Matthew Bradbury and Neeraj Suri",
year = "2022",
month = sep,
day = "29",
doi = "10.48550/arXiv.2209.14795",
language = "English",
volume = "abs/2209.14795",
journal = "arXiv",
issn = "2331-8422",

}

RIS

TY - JOUR

T1 - ThreatPro

T2 - Multi-Layer Threat Analysis in the Cloud

AU - Manzoor, Salman

AU - Gouglidis, Antonios

AU - Bradbury, Matthew

AU - Suri, Neeraj

PY - 2022/9/29

Y1 - 2022/9/29

N2 - Many effective Threat Analysis (TA) techniques exist that focus on analyzing threats to targeted assets (e.g., components, services). These techniques consider static interconnections among the assets. However, in dynamic environments, such as the Cloud, resources can instantiate, migrate across physical hosts, or decommission to provide rapid resource elasticity to the users. It is evident that existing TA techniques cannot address all these requirements. In addition, there is an increasing number of complex multi-layer/multi-asset attacks on Cloud systems, such as the Equifax data breach. Hence, there is a need for threat analysis approaches that are designed to analyze threats in complex, dynamic, and multi-layer Cloud environments. In this paper, we propose ThreatPro that addresses the analysis of multi-layer attacks and supports dynamic interconnections in the Cloud. ThreatPro facilitates threat analysis by developing a technology-agnostic information flow model, which represents the Cloud's functionality through a set of conditional transitions. The model establishes the basis to capture the multi-layer and dynamic interconnections during the life-cycle of a Virtual Machine (VM). Specifically, ThreatPro contributes in (a) enabling the exploration of a threat's behavior and its propagation across the Cloud, and (b) assessing the security of the Cloud by analyzing the impact of multiple threats across various operational layers/assets. Using public information on threats from the National Vulnerability Database (NVD), we validate ThreatPro's capabilities, i.e., (a) identify and trace actual Cloud attacks and (b) speculatively postulate alternate potential attack paths.

AB - Many effective Threat Analysis (TA) techniques exist that focus on analyzing threats to targeted assets (e.g., components, services). These techniques consider static interconnections among the assets. However, in dynamic environments, such as the Cloud, resources can instantiate, migrate across physical hosts, or decommission to provide rapid resource elasticity to the users. It is evident that existing TA techniques cannot address all these requirements. In addition, there is an increasing number of complex multi-layer/multi-asset attacks on Cloud systems, such as the Equifax data breach. Hence, there is a need for threat analysis approaches that are designed to analyze threats in complex, dynamic, and multi-layer Cloud environments. In this paper, we propose ThreatPro that addresses the analysis of multi-layer attacks and supports dynamic interconnections in the Cloud. ThreatPro facilitates threat analysis by developing a technology-agnostic information flow model, which represents the Cloud's functionality through a set of conditional transitions. The model establishes the basis to capture the multi-layer and dynamic interconnections during the life-cycle of a Virtual Machine (VM). Specifically, ThreatPro contributes in (a) enabling the exploration of a threat's behavior and its propagation across the Cloud, and (b) assessing the security of the Cloud by analyzing the impact of multiple threats across various operational layers/assets. Using public information on threats from the National Vulnerability Database (NVD), we validate ThreatPro's capabilities, i.e., (a) identify and trace actual Cloud attacks and (b) speculatively postulate alternate potential attack paths.

U2 - 10.48550/arXiv.2209.14795

DO - 10.48550/arXiv.2209.14795

M3 - Journal article

VL - abs/2209.14795

JO - arXiv

JF - arXiv

SN - 2331-8422

ER -