{"title":"云服务的威胁建模","authors":"Muhammad Kazim, David Evans","doi":"10.1109/SOSE.2016.55","DOIUrl":null,"url":null,"abstract":"Cloud computing offers various services ranging from infrastructure to computation, software and application. These services have gained popularity in both public and enterprise domains, and they process large amount of user data with varying privacy levels. However, due to the dynamic nature of cloud services, many enterprise level security policies, standards and practices cannot be implemented in cloud which leads to different security threats. These threats can be exploited by various attackers to compromise the cloud services. In this paper threat modeling for cloud services has been done by considering various attackers such as hackers, malicious administrators, malicious users and service providers. After describing possible threats to cloud services from these attackers, methodologies to exploit those threats have been presented. Moreover, the generalization of threat model has been done to determine the threats related to a specific service functionality for various attackers in cloud.","PeriodicalId":153118,"journal":{"name":"2016 IEEE Symposium on Service-Oriented System Engineering (SOSE)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Threat Modeling for Services in Cloud\",\"authors\":\"Muhammad Kazim, David Evans\",\"doi\":\"10.1109/SOSE.2016.55\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud computing offers various services ranging from infrastructure to computation, software and application. These services have gained popularity in both public and enterprise domains, and they process large amount of user data with varying privacy levels. However, due to the dynamic nature of cloud services, many enterprise level security policies, standards and practices cannot be implemented in cloud which leads to different security threats. These threats can be exploited by various attackers to compromise the cloud services. In this paper threat modeling for cloud services has been done by considering various attackers such as hackers, malicious administrators, malicious users and service providers. After describing possible threats to cloud services from these attackers, methodologies to exploit those threats have been presented. Moreover, the generalization of threat model has been done to determine the threats related to a specific service functionality for various attackers in cloud.\",\"PeriodicalId\":153118,\"journal\":{\"name\":\"2016 IEEE Symposium on Service-Oriented System Engineering (SOSE)\",\"volume\":\"38 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE Symposium on Service-Oriented System Engineering (SOSE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SOSE.2016.55\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Symposium on Service-Oriented System Engineering (SOSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SOSE.2016.55","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Cloud computing offers various services ranging from infrastructure to computation, software and application. These services have gained popularity in both public and enterprise domains, and they process large amount of user data with varying privacy levels. However, due to the dynamic nature of cloud services, many enterprise level security policies, standards and practices cannot be implemented in cloud which leads to different security threats. These threats can be exploited by various attackers to compromise the cloud services. In this paper threat modeling for cloud services has been done by considering various attackers such as hackers, malicious administrators, malicious users and service providers. After describing possible threats to cloud services from these attackers, methodologies to exploit those threats have been presented. Moreover, the generalization of threat model has been done to determine the threats related to a specific service functionality for various attackers in cloud.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
