Alhebaishi, N.
, Wang, L.
, Jajodia, S.
and Singhal, A.
(2016),
Threat Modeling for Cloud Data Center Infrastructures, 9th International Conference on Foundations and Practice of Security, Quebec City, CA, [online], https://doi.org/10.1007/978-3-319-51966-1_20, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=921695
(Accessed April 25, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Threat Modeling for Cloud Data Center Infrastructures
Published
Author(s)
Nawaf Alhebaishi, Lingyu Wang, Sushil Jajodia,
Abstract
Cloud computing has undergone rapid expansion throughout the last decade. Many companies and organizations have made the transition from traditional data centers to the cloud due to its flexibility and lower cost. However, traditional data centers are still being relied upon by those who are less certain about the security of cloud. This problem is highlighted by the fact that there only exist limited efforts on threat modeling for cloud data centers. In this paper, we conduct comprehensive threat modeling exercises based on two representative cloud infrastructures using several popular threat modeling methods, including attack surface, attack trees, attack graphs, and security metrics based on attack trees and attack graphs, respectively. Those threat modeling efforts give cloud providers practical lessons and means toward better evaluating, understanding and improving their cloud infrastructures. Our results may also imbed more confidence in potential cloud tenants by providing them a clearer picture about potential threats in cloud infrastructures and corresponding solutions.Proceedings Title
9th International Conference on Foundations and Practice of Security
Conference Dates
October 24-26, 2016
Conference Location
Quebec City, CA
Pub Type
Conferences
Download Paper
Keywords
Security Metrics, Cloud Security, Attack Surface, Attack Graphs, Attack Trees
Citation
Created December 28, 2016, Updated October 12, 2021