Attack Surfaces: A Taxonomy for Attacks on Cloud Services

Gruschka, Nils; Jensen, Meiko

doi:10.1109/cloud.2010.23

Cited by 160 publications

(80 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…• The SE creates a URL that points to malicious malware on a cloud-based system [59]. This URL is printed on a pamphlet and provided to job seekers who seek employment.…”

Section: Indirect Communication -Templatementioning

confidence: 99%

Social engineering attack examples, templates and scenarios

Mouton

Leenen

Venter

2016

Computers & Security

117

View full text Add to dashboard Cite

The field of information security is a fast-growing discipline. Even though the effectiveness of security measures to protect sensitive information is increasing, people remain susceptible to manipulation and thus the human element remains a weak link. A social engineering attack targets this weakness by using various manipulation techniques to elicit sensitive information. The field of social engineering is still in its early stages with regard to formal definitions, attack frameworks and templates of attacks. This paper proposes detailed social engineering attack templates that are derived from real-world social engineering examples. Current documented examples of social engineering attacks do not include all the attack steps and phases. The proposed social engineering attack templates attempt to alleviate the problem of limited documented literature on social engineering attacks by mapping the real-world examples to the social engineering attack framework. Mapping several similar real-world examples to the social engineering attack framework allows one to establish a detailed flow of the attack whilst abstracting subjects and objects. This mapping is then utilised to propose the generalised social engineering attack templates that are representative of real-world examples, whilst still being general enough to encompass several different real-world examples. The proposed social engineering attack templates cover all three types of communication, namely bidirectional communication, unidirectional communication and indirect communication. In order to perform comparative studies of different social engineering models, processes and frameworks, it is necessary to have a formalised set of social engineering attack scenarios that are fully detailed in every phase and step of the process. The social engineering attack templates are converted to social engineering attack scenarios by populating the template with both subjects and objects from real-world examples whilst still maintaining the detailed flow of the attack as provided in the template. Furthermore, this paper illustrates how the social engineering attack scenarios are applied to verify a social engineering attack detection model. These templates and scenarios can be used by other researchers to either expand on, use for comparative measures, create additional examples or evaluate models for completeness. Additionally, the proposed social engineering attack templates can also be used to develop social engineering awareness material.

show abstract

“…• The SE creates a URL that points to malicious malware on a cloud-based system [59]. This URL is printed on a pamphlet and provided to job seekers who seek employment.…”

Section: Indirect Communication -Templatementioning

confidence: 99%

Social engineering attack examples, templates and scenarios

Mouton

Leenen

Venter

2016

Computers & Security

117

View full text Add to dashboard Cite

show abstract

“…A cloud scenario can be modelled with three participants: users, cloud instances, and cloud provider [27]. Every interaction in a cloud scenario can be addressed to two entities of these participant classes.…”

Section: Characterising System With Cloud Storage Scenariomentioning

confidence: 99%

“…Cloud Service Modified from Gruschka and Jensen [27] Below are the descriptions involved in the triangle attacks:…”

Section: Usermentioning

confidence: 99%

See 1 more Smart Citation

Modelling Threats with Security Requirements in Cloud Storage

Yahya¹,

Walters²,

Wills³

2015

IJISR

View full text Add to dashboard Cite

show abstract

“…[3,21,24,44] The complexity of modern systems means that the attack surface for a malicious agent is huge. The system can be compromised at any level and leak information in hundred of possible ways, like improperly handling access rights to databases, or leaking kernel memory through improperly written implementations, or even allowing private keys to be recovered by analyzing the system's energy consumption.…”

Section: Introductionmentioning

confidence: 99%

Security and Privacy of Protocols and Software with Formal Methods

Biondi

Legay

2016

Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques

View full text Add to dashboard Cite

Abstract. The protection of users' data conforming to best practice and legislation is one of the main challenges in computer science. Very often, large-scale data leaks remind us that the state of the art in data privacy and anonymity is severely lacking. The complexity of modern systems make it impossible for software architect to create secure software that correctly implements privacy policies without the help of automated tools. The academic community needs to invest more effort in the formal modelization of security and anonymity properties, providing a deeper understanding of the underlying concepts and challenges and allowing the creation of automated tools to help software architects and developers. This track provides numerous contributions to the formal modeling of security and anonymity properties and the creation of tools to verify them on large-scale software projects.

show abstract

Attack Surfaces: A Taxonomy for Attacks on Cloud Services

Cited by 160 publications

References 6 publications

Social engineering attack examples, templates and scenarios

Social engineering attack examples, templates and scenarios

Modelling Threats with Security Requirements in Cloud Storage

Security and Privacy of Protocols and Software with Formal Methods

Contact Info

Product

Resources

About