Poster: Multi-Layer Threat Analysis of the Cloud
Pages 3419 - 3421
Abstract
A variety of Threat Analysis (TA) techniques exist that typically target exploring threats to discrete assets (e.g., services, data, etc.) and reveal potential attacks pertinent to these assets. Furthermore, these techniques assume that the interconnection among the assets is static. However, in the Cloud, resources can instantiate or migrate across physical hosts at run-time, thus making the Cloud a dynamic environment. Additionally, the number of attacks targeting multiple assets/layers emphasizes the need for threat analysis approaches developed for Cloud environments. Therefore, this proposal presents a novel threat analysis approach that specifically addresses multi-layer attacks. The proposed approach facilitates threat analysis by developing a technology-agnostic information flow model. It contributes to exploring a threat's propagation across the operational stack of the Cloud and, consequently, holistically assessing the security of the Cloud.
References
[1]
Hesham Abusaimeh. 2020. Security Attacks in Cloud Computing and Corresponding Defending Mechanisms. International Journal of Advanced Trends in Computer Science and Engineering 9 (2020), 4141--4148. https://doi.org/10.30534/ ijatcse/2020/243932020
[2]
Nawaf Alhebaishi, LingyuWang, Sushil Jajodia, and Anoop Singhal. 2016. Threat Modeling for Cloud Data Center Infrastructures. In International Symposium on Foundations and Practice of Security. Springer International Publishing, Québec City, Québec, Canada, 302--319. https://doi.org/10.1007/978--3--319--51966--1_20
[3]
Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest. 2016. Hype and heavy tails: A closer look at data breaches. Journal of Cybersecurity 2, 1 (12 2016), 3--14. https://doi.org/10.1093/ cybsec/tyw003 arXiv:https://academic.oup.com/cybersecurity/articlepdf/ 2/1/3/26672851/tyw003.pdf
[4]
Archana Ganapathi, Yanpei Chen, Armando Fox, Randy Katz, and David Patterson. 2010. Statistics-driven Workload Modeling for the Cloud. In International Conference on Data Engineering Workshops. IEEE, Long Beach, CA, USA, 87--92. https://doi.org/10.1109/ICDEW.2010.5452742
[5]
Shareeful Islam, Moussa Ouedraogo, Christos Kalloniatis, Haralambos Mouratidis, and Stefanos Gritzalis. 2018. Assurance of Security and Privacy Requirements for Cloud Deployment Models. IEEE Transactions on Cloud Computing 6 (2018), 387--400. https://doi.org/10.1109/TCC.2015.2511719
[6]
Kurt Jensen and Lars Kristensen. 2009. CPN ML Programming. Springer Berlin Heidelberg, Berlin, Heidelberg, Chapter 3, 43--77. https://doi.org/10.1007/b95112_ 3
[7]
Xin Jin, QixuWang, Xiang Li, Xingshu Chen, andWeiWang. 2019. Cloud Virtual Machine Llifecycle Security Framework based on Trusted Computing. Journal of Tsinghua Science and Technology 24 (2019), 520--534. https://doi.org/10.26599/ TST.2018.9010129
[8]
Fumio Machida, Ermeson Andrade, Dong Kim, and Kishor Trivedi. 2011. Candy: Component-based Availability Modeling Framework for Cloud Service Management Using SysML. In Proceedings of the International Symposium on Reliable Distributed Systems. IEEE, Madrid, Spain, 209--218. https://doi.org/10.1109/SRDS. 2011.33
[9]
Mohammad Masdari and Marzie Jalali. 2016. A Survey and Taxonomy of DoS Attacks in Cloud Computing. International Journal of Security and Communication Networks 9 (2016), 3724--3751. https://doi.org/10.1002/sec.1539
[10]
Daniele Sgandurra and Emil Lupu. 2016. Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems. Comput. Surveys 48 (2016), 1--38. https: //doi.org/10.1145/2856126
Index Terms
- Poster: Multi-Layer Threat Analysis of the Cloud
Recommendations
Poster: Effectiveness of Moving Target Defense Techniques to Disrupt Attacks in the Cloud
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications SecurityMoving Target Defense (MTD) can eliminate the asymmetric advantage that attackers have in terms of time to explore a static system by changing a system's configuration dynamically to reduce the efficacy of reconnaissance and increase uncertainty and ...
Poster: When Adversary Becomes the Guardian -- Towards Side-channel Security With Adversarial Attacks
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications SecurityMachine learning algorithms fall prey to adversarial examples. As profiling side-channel attacks are seeing rapid adoption of machine learning-based approaches that can even defeat commonly used side-channel countermeasures, we investigate the potential ...
POSTER: Zero-Day Evasion Attack Analysis on Race between Attack and Defense
ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications SecurityDeep neural networks (DNNs) exhibit excellent performance in machine learning tasks such as image recognition, pattern recognition, speech recognition, and intrusion detection. However, the usage of adversarial examples, which are intentionally ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
November 2022
3598 pages
ISBN:9781450394505
DOI:10.1145/3548606
- General Chairs:
- Heng Yin,
- Angelos Stavrou,
- Program Chairs:
- Cas Cremers,
- Elaine Shi
Copyright © 2022 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 07 November 2022
Check for updates
Author Tags
Qualifiers
- Poster
Funding Sources
- EC H2020 CONCORDIA
- Engineering and Physical Sciences Research Council
Conference
CCS '22
Sponsor:
CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security
November 7 - 11, 2022
CA, Los Angeles, USA
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '25
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 123Total Downloads
- Downloads (Last 12 months)24
- Downloads (Last 6 weeks)3
Reflects downloads up to 20 Nov 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in