Threat Modeling for Cloud Infrastructures

Today’s businesses are increasingly relying on the cloud as an alternative IT solution due to its flexibility and lower cost. Compared to traditional enterprise networks, a cloud infrastructure is typically much larger and more complex. Understanding the potential security threats in such infrastructures is naturally more challenging than in traditional networks. This is evidenced by the fact that there are limited efforts on threat modeling for cloud infrastructures. In this paper, we conduct comprehensive threat modeling exercises based on two representative cloud infrastructures using several popular threat modeling methods, including attack surface, attack trees, attack graphs, and security metrics based on attack trees and attack graphs, respectively. Those threat modeling efforts may provide cloud providers useful lessons toward better understanding and improving the security of their cloud infrastructures. In addition, we show how hardening solutions can be applied based on the threat models and security metrics through extended exercises. Such results may not only benefit the cloud provider but also embed more confidence in cloud tenants by providing them a clearer picture of the potential threats and mitigation solutions.
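To make the combination of attack graphs, security metrics and hardening concrete, the following is an added example (not code or data from the paper) computing a probabilistic attack-graph metric on a constructed toy cloud infrastructure and ranking hardening options by how much they lower it. All host names, exploit names and success probabilities are hypothetical, and the metric uses the usual attack-graph simplifications: an acyclic graph, AND semantics for exploit preconditions, OR semantics for conditions reachable by several exploits, and independence between paths.

```python
"""Probabilistic attack-graph security metric on a toy cloud infrastructure.

Constructed example: a tenant VM is the attacker's starting point; the goal is
the shared storage backend. Exploits are AND nodes (every precondition must
hold), conditions are OR nodes (any one enabling exploit suffices). Each
exploit carries an individual success probability (e.g. derived from CVSS),
and the metric is the probability that the goal condition becomes reachable.
A hardening option is modelled as removing an exploit (e.g. patching or
disabling the service), and options are ranked by the resulting metric.
"""
from functools import lru_cache

# Hypothetical attack graph: exploit -> (preconditions, postcondition, probability)
EXPLOITS = {
    "e_vm_escape":    ({"tenant_vm"},  "hypervisor", 0.2),  # guest-to-host escape
    "e_api_auth":     ({"tenant_vm"},  "mgmt_api",   0.5),  # weak management API auth
    "e_api_to_hyp":   ({"mgmt_api"},   "hypervisor", 0.6),  # API misuse to reach hypervisor
    "e_hyp_to_store": ({"hypervisor"}, "storage",    0.8),  # hypervisor to shared storage
}
INITIAL = {"tenant_vm"}   # conditions the attacker holds at the start
GOAL = "storage"


def reach_probability(exploits, initial, goal):
    """Probability that `goal` is reached, assuming an acyclic graph and
    independence between distinct attack paths (standard simplification)."""

    @lru_cache(maxsize=None)
    def p_cond(cond):
        if cond in initial:
            return 1.0
        # OR node: reached unless every exploit producing it fails
        fail = 1.0
        for name, (_, post, _) in exploits.items():
            if post == cond:
                fail *= 1.0 - p_exploit(name)
        return 1.0 - fail

    @lru_cache(maxsize=None)
    def p_exploit(name):
        pre, _, prob = exploits[name]
        # AND node: all preconditions must hold, then the exploit must succeed
        p = prob
        for c in pre:
            p *= p_cond(c)
        return p

    return p_cond(goal)


def rank_hardening(exploits, initial, goal):
    """Evaluate removing each single exploit; lowest resulting metric first."""
    results = []
    for name in exploits:
        hardened = {k: v for k, v in exploits.items() if k != name}
        results.append((name, reach_probability(hardened, initial, goal)))
    return sorted(results, key=lambda r: r[1])
```

With these constructed values the baseline metric is 0.352; removing the weak API authentication path lowers it most (to 0.16), more than fixing the VM escape (0.24), which is the kind of comparison a metric-driven hardening exercise is meant to surface.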
