Threat Modeling for Cloud Data Center Infrastructures

Alhebaishi, Nawaf; Wang, Lingyu; Jajodia, Sushil; Singhal, Anoop

doi:10.1007/978-3-319-51966-1_20

Cited by 20 publications

(18 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The preliminary version of this paper has previously appeared in [6]. In this paper, we have substantially improved and extended the previous version.…”

Section: Introductionmentioning

confidence: 94%

Threat Modeling for Cloud Infrastructures

Alhebaishi¹,

Wang²,

Singhal³

2019

ICST Transactions on Security and Safety

Self Cite

View full text Add to dashboard Cite

Today's businesses are increasingly relying on the cloud as an alternative IT solution due to its flexibility and lower cost. Compared to traditional enterprise networks, a cloud infrastructure is typically much larger and more complex. Understanding the potential security threats in such infrastructures is naturally more challenging than in traditional networks. This is evidenced by the fact that there are limited efforts on threat modeling for cloud infrastructures. In this paper, we conduct comprehensive threat modeling exercises based on two representative cloud infrastructures using several popular threat modeling methods, including attack surface, attack trees, attack graphs, and security metrics based on attack trees and attack graphs, respectively. Those threat modeling efforts may provide cloud providers useful lessons toward better understanding and improving the security of their cloud infrastructures. In addition, we show how hardening solution can be applied based on the threat models and security metrics through extended exercises. Such results may not only benefit the cloud provider but also embed more confidence in cloud tenants by providing them a clearer picture of the potential threats and mitigation solutions.This section briefly reviews several popular threat models and existing security metrics that will be applied in this paper, including attack surface, attack tree, attack graph, attack tree-based metric (ATM), and Bayesian network (BN)-based metric.-Attack surface: Originally proposed as a metric for software security, an attack surface captures software components that may lead to potential vulnerabilities, including entry and exit points (i.e., methods in a software program that either take user inputs or generate outputs), communication channels (e.g., TCP or UDP), and untrusted data items (e.g., configuration files or registry keys read by the software) [7]. Since the attack surface requires examining the source code of a software, due to the complexity of such a task, most existing work applies the concept in a high-level and intuitive manner. For example, six attack surfaces are said to exist between an end user, the cloud provider, and cloud services [8], although the exact meaning of such attack surface is not specified.-Attack tree: While the attack surface focuses on what may provide attackers initial privileges or accesses to a system, attack trees demonstrate the possible attack paths which may be followed by the attacker to further infiltrate the system [9].

show abstract

“…The preliminary version of this paper has previously appeared in [6]. In this paper, we have substantially improved and extended the previous version.…”

Section: Introductionmentioning

confidence: 94%

Threat Modeling for Cloud Infrastructures

Alhebaishi¹,

Wang²,

Singhal³

2019

ICST Transactions on Security and Safety

Self Cite

View full text Add to dashboard Cite

show abstract

“…The Cloud reference architecture is intended to be a simplified representation of the key components that are important for CAVs. It is sufficiently detailed for an analysis of how attacks on the Cloud will impact a CAV, however, more detailed reference architectures and threat models should be used to analyse the Cloud in greater depth (such as References [64][65][66]).…”

Section: Cloud Reference Architecturementioning

confidence: 99%

A Connected and Autonomous Vehicle Reference Architecture for Attack Surface Analysis

Maple

Bradbury

et al. 2019

Applied Sciences

View full text Add to dashboard Cite

Connected autonomous vehicles (CAVs) will be deployed over the next decade with autonomous functionalities supported by new sensing and communication capabilities. Such functionality exposes CAVs to new attacks that current vehicles will not face. To ensure the safety and security of CAVs, it is important to be able to identify the ways in which the system could be attacked and to build defences against these attacks. One possible approach is to use reference architectures to perform an attack surface analysis. Existing research has developed a variety of reference architectures but none for the specific purpose of attack surface analysis. Existing approaches are either too simple for sufficiently detailed modelling or require too many details to be specified to easily analyse a CAV’s attack surface. Therefore, we propose a reference architecture using a hybrid Functional-Communication viewpoint for attack surface analysis of CAVs, including the Devices, Edge and Cloud systems CAVs interact with. Using two case studies, we demonstrate how attack trees can be used to understand the attack surface of CAV systems.

show abstract

“…The problem with many approaches is the lack of formalization, which leads to their ambiguous interpretation and subjectivity of the resulting list of threats. There are works that use the mathematical apparatus of graph theory, but they are aimed at formalizing the description of attacks, not threats themselves [25][26][27]. Some works are aimed at the description of attackers and does not allow to determine the list of threats [28].…”

Section: Related Workmentioning

confidence: 99%

Model of Threats to Computer Network Software

2019

View full text Add to dashboard Cite

This article highlights the issue of identifying information security threats to computer networks. The aim of the study is to increase the number of identified threats. Firstly, it was carried out the analysis of computer network models used to identify threats, as well as in approaches to building computer network threat models. The shortcomings that need to be corrected are highlighted. On the basis of the mathematical apparatus of attributive metagraphs, a computer network model is developed that allows to describe the software components of computer networks and all possible connections between them. On the basis of elementary operations on metagraphs, a model of threats to the security of computer network software is developed, which allows compiling lists of threats to the integrity and confidentiality of computer network software. These lists include more threats in comparison with the considered analogues.

show abstract

Threat Modeling for Cloud Data Center Infrastructures

Cited by 20 publications

References 12 publications

Threat Modeling for Cloud Infrastructures

Threat Modeling for Cloud Infrastructures

A Connected and Autonomous Vehicle Reference Architecture for Attack Surface Analysis

Model of Threats to Computer Network Software

Contact Info

Product

Resources

About