Abstract

As the usage of the Cloud proliferates, the need for security evaluation of the Cloud also grows. The process of threat modeling and analysis is advocated to assess potential vulnerabilities that can undermine the Cloud security goals. However, given the plethora of distinct services involved in the Cloud ecosystem and the varied attack surfaces entailed in the Cloud-specific architectures, performing threat analysis for the Cloud is a challenging task. Consequently, contemporary Cloud threat analysis approaches, typically using relational security models (e.g., attack graphs, trees...), primarily focus on specific services/layers of the Cloud. Also, these schemes often fail to include the variants of the identified vulnerabilities in their analysis. Hence, a comprehensive threat analysis approach is required that can (a) model and analyze threats across the multilayer Cloud operational stack, and (b) include variants of the vulnerabilities in the threat analysis procedure. We target achieving a holistic Cloud threat analysis by designing a novel multi-layer Cloud model, using Petri Nets, to comprehensively profile the operational behavior of the services involved in the Cloud operations. We subsequently conduct threat modeling to identify threats within and across the different layers of the Cloud operations. Our proposed threat analysis approach also investigates the variants of the potential vulnerabilities to comprehensively infer the Cloud attack surface.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.