Cloud Security Requirement Based Threat Analysis

被引：0

作者：

Taha, Ahmed ^{[1
]}

Lawall, Alexander ^{[1
]}

Suri, Neeraj ^{[2
]}

机构：

[1] IUAS, Bad Honnef, Germany

[2] Univ Lancaster, Lancaster, England

来源：

2023 INTERNATIONAL CONFERENCE ON COMPUTING, NETWORKING AND COMMUNICATIONS, ICNC | 2023年

关键词：

Threat Analysis; Cloud Security; Service's dependencies;

D O I：

10.1109/ICNC57223.2023.10074275

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

Threat analysis (TA) is a process to identify, detect, and evaluate security vulnerabilities systematically. Specifically, the TA, which focuses on threats that can potentially violate the customer's data ownership requirements of security and performance, is named Requirement Based Threat Analysis (RBTA). Despite the importance of RBTA, the current manual RBTA process is both time intensive and makes no assurance of completeness of the analysis. Thus, we develop a systematic analytic technique that enumerates customers' requirements and then determines all possible direct/indirect dependencies across them to conduct a generalized threat analysis from their requirements. The approach is validated for its effectiveness on actual Cloud customer requirements and can be generalized to apply to other requirements.

引用

页码：506 / 510

页数：5

共 50 条

[1] Threat risk analysis for cloud security based on Attack-Defense Trees
Wang, Ping
Lin, Hui-Tang
Wang, Tzu Chia
Lin, Wen-Hui
Kuo, Pu-Tsun
[J]. International Journal of Advancements in Computing Technology, 2012, 4 (17) : 607 - 617
[2] Cloud Threat Defense - a Threat Protection and Security Compliance Solution
Bharadwaj, Deepak R.
Bhattacharya, Anamika
Chakkaravarthy, Manivannan
[J]. 2018 SEVENTH IEEE INTERNATIONAL CONFERENCE ON CLOUD COMPUTING IN EMERGING MARKETS (CCEM), 2018, : 95 - 99
[3] A Hybrid Threat Model for Software Security Requirement Specification
Omotunde, Habeeb
Ibrahim, Rosziati
[J]. 2016 INTERNATIONAL CONFERENCE ON INFORMATION SCIENCE AND SECURITY (ICISS), 2014, : 56 - 59
[4] Data-Driven Threat Analysis for Ensuring Security in Cloud Enabled Systems
Alwaheidi, Mohammed K. S.
Islam, Shareeful
[J]. SENSORS, 2022, 22 (15)
[5] Network Security Analysis Based on Consolidated Threat Resources
Garasym, Oleg
Chyrun, Liliya
Chcrnovol, Nadija
Gazhyj, Aleksandr
Gozhyj, Victor
Kalinina, Irina
Rusyn, Bohdan
Pohreliuk, Liubomyr
Korobchynskyi, Maksym
[J]. COMPUTATIONAL LINGUISTICS AND INTELLIGENT SYSTEMS (COLINS 2020), VOL I: MAIN CONFERENCE, 2020, 2604
[6] Threat-based Security Analysis for the Internet of Things
Atamli, Ahmad W.
Martin, Andrew
[J]. 2014 INTERNATIONAL WORKSHOP ON SECURE INTERNET OF THINGS (SIOT), 2014, : 35 - 43
[7] Cloud Security Analysis Based on Virtualization Technology
Zhang, Jiaxing
[J]. 2022 INTERNATIONAL CONFERENCE ON BIG DATA, INFORMATION AND COMPUTER NETWORK (BDICN 2022), 2022, : 519 - 522
[8] Threat-Specific Security Risk Evaluation in the Cloud
Nhlabatsi, Armstrong
Hong, Jin B.
Kim, Dong Seong
Fernandez, Rachael
Hussein, Alaa
Fetais, Noora
Khan, Khaled M.
[J]. IEEE TRANSACTIONS ON CLOUD COMPUTING, 2021, 9 (02) : 793 - 806
[9] Threat as a Service? Virtualization's Impact on Cloud Security
Tsai, Hsin-Yi
Siebenhaar, Melanie
Miede, Andre
Huang, Yu-Lun
Steinmetz, Ralf
[J]. IT PROFESSIONAL, 2012, 14 (01) : 32 - 37
[10] Threat-Specific Security Risk Evaluation in the Cloud
Roobini, M. S.
TejaSatyanrayana, B.
SaiVenkataGirish, B.
Sridevi, N.
Pothumani, S.
[J]. 2024 INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING, COMMUNICATION AND APPLIED INFORMATICS, ACCAI 2024, 2024,

← 1 2 3 4 5 →