Threat Modeling for Cloud Infrastructures

EAI Endorsed Trans. Security Safety Pub Date : 2019-01-10 DOI:10.4108/eai.10-1-2019.156246

Nawaf Alhebaishi, Lingyu Wang, A. Singhal

{"title":"Threat Modeling for Cloud Infrastructures","authors":"Nawaf Alhebaishi, Lingyu Wang, A. Singhal","doi":"10.4108/eai.10-1-2019.156246","DOIUrl":null,"url":null,"abstract":"Today’s businesses are increasingly relying on the cloud as an alternative IT solution due to its fexibility and lower cost. Compared to traditional enterprise networks, a cloud infrastructure is typically much larger and more complex. Understanding the potential security threats in such infrastructures is naturally more challenging than in traditional networks. This is evidenced by the fact that there are limited efforts on threat modeling for cloud infrastructures. In this paper, we conduct comprehensive threat modeling exercises based on two representative cloud infrastructures using several popular threat modeling methods, including attack surface, attack trees, attack graphs, and security metrics based on attack trees and attack graphs, respectively. Those threat modeling efforts may provide cloud providers useful lessons toward better understanding and improving the security of their cloud infrastructures. In addition, we show how hardening solution can be applied based on the threat models and security metrics through extended exercises. Such results may not only beneft the cloud provider but also embed more confdence in cloud tenants by providing them a clearer picture of the potential threats and mitigation solutions.","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"EAI Endorsed Trans. Security Safety","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/eai.10-1-2019.156246","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

Today’s businesses are increasingly relying on the cloud as an alternative IT solution due to its fexibility and lower cost. Compared to traditional enterprise networks, a cloud infrastructure is typically much larger and more complex. Understanding the potential security threats in such infrastructures is naturally more challenging than in traditional networks. This is evidenced by the fact that there are limited efforts on threat modeling for cloud infrastructures. In this paper, we conduct comprehensive threat modeling exercises based on two representative cloud infrastructures using several popular threat modeling methods, including attack surface, attack trees, attack graphs, and security metrics based on attack trees and attack graphs, respectively. Those threat modeling efforts may provide cloud providers useful lessons toward better understanding and improving the security of their cloud infrastructures. In addition, we show how hardening solution can be applied based on the threat models and security metrics through extended exercises. Such results may not only beneft the cloud provider but also embed more confdence in cloud tenants by providing them a clearer picture of the potential threats and mitigation solutions.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

云基础设施的威胁建模

由于云计算的灵活性和较低的成本，当今的企业越来越依赖云计算作为替代IT解决方案。与传统的企业网络相比，云基础设施通常更大、更复杂。理解此类基础设施中的潜在安全威胁自然比理解传统网络中的潜在安全威胁更具挑战性。在云基础设施的威胁建模方面的努力有限，这一事实证明了这一点。在本文中，我们使用几种流行的威胁建模方法，包括攻击面、攻击树、攻击图以及基于攻击树和攻击图的安全度量，基于两种具有代表性的云基础设施进行了全面的威胁建模练习。这些威胁建模工作可以为云提供商提供有用的经验，以更好地理解和提高其云基础设施的安全性。此外，我们还通过扩展的练习展示了如何基于威胁模型和安全度量来应用加固解决方案。这样的结果不仅可能使云提供商受益，而且通过向云租户提供更清晰的潜在威胁和缓解解决方案，使他们更有信心。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

EAI Endorsed Trans. Security Safety

自引率

0.00%

发文量