Enabling Multi-Layer Threat Analysis in Dynamic Cloud Environments

Manzoor, Salman and Gouglidis, Antonios and Bradbury, Matthew and Suri, Neeraj (2024) Enabling Multi-Layer Threat Analysis in Dynamic Cloud Environments. IEEE Transactions on Cloud Computing, 12 (1). pp. 319-336. ISSN 2168-7161

[thumbnail of IEEE_TCC_ThreatPro]
Text (IEEE_TCC_ThreatPro)
IEEE_TCC_ThreatPro.pdf - Accepted Version
Available under License Creative Commons Attribution.

Download (1MB)

Abstract

Most Threat Analysis (TA) techniques analyze threats to targeted assets (e.g., components, services) by considering static interconnections among them. However, in dynamic environments, e.g., the Cloud, resources can instantiate, migrate across physical hosts, or decommission to provide rapid resource elasticity to its users. Existing TA techniques are not capable of addressing such requirements. Moreover, complex multi-layer/multi-asset attacks on Cloud systems are increasing, e.g., the Equifax data breach; thus, TA approaches must be able to analyze them. This paper proposes ThreatPro, which supports dynamic interconnections and analysis of multi-layer attacks in the Cloud. ThreatPro facilitates threat analysis by developing a technology-agnostic information flow model, representing the Cloud's functionality through conditional transitions. The model establishes the basis to capture the multi-layer and dynamic interconnections during the life cycle of a Virtual Machine. ThreatPro contributes to (1) enabling the exploration of a threat's behavior and its propagation across the Cloud, and (2) assessing the security of the Cloud by analyzing the impact of multiple threats across various operational layers/assets. Using public information on threats from the National Vulnerability Database, we validate ThreatPro's capabilities, i.e., identify and trace actual Cloud attacks and speculatively postulate alternate potential attack paths.

Item Type:
Journal Article
Journal or Publication Title:
IEEE Transactions on Cloud Computing
Uncontrolled Keywords:
Research Output Funding/no_not_funded
Subjects:
?? no - not fundedsoftwareinformation systemscomputer science applicationshardware and architecturecomputer networks and communications ??
ID Code:
214342
Deposited By:
Deposited On:
08 Feb 2024 09:20
Refereed?:
Yes
Published?:
Published
Last Modified:
19 Oct 2024 23:57