Anglia Ruskin Research Online (ARRO)
Browse
Alwaheidi_et_al_2022.pdf (8.4 MB)

Data-Driven Threat Analysis for Ensuring Security in Cloud Enabled Systems

Download (8.4 MB)
journal contribution
posted on 2023-07-26, 15:58 authored by Mohammed KS Alwaheidi, Shareeful Islam
Cloud computing offers many benefits including business flexibility, scalability and cost savings but despite these benefits, there exist threats that require adequate attention for secure service delivery. Threats in a cloud-based system need to be considered from a holistic perspective that accounts for data, application, infrastructure and service, which can pose potential risks. Data certainly plays a critical role within the whole ecosystem and organisations should take account of and protect data from any potential threats. Due to the variation of data types, status, and location, understanding the potential security concerns in cloud-based infrastructures is more complex than in a traditional system. The existing threat modeling approaches lack the ability to analyse and prioritise data-related threats. The main contribution of the paper is a novel data-driven threat analysis (d-TM) approach for the cloud-based systems. The main motivation of d-TM is the integration of data from three levels of abstractions, i.e., management, control, and business and three phases, i.e., storage, process and transmittance, within each level. The d-TM provides a systematic flow of attack surface analysis from the user agent to the cloud service provider based on the threat layers in cloud computing. Finally, a cloud-based use case scenario was used to demonstrate the applicability of the proposed approach. The result shows that d-TM revealed four critical threats out of the seven threats based on the identified assets. The threats targeted management and business data in general, while targeting data in process and transit more specifically.

History

Refereed

  • Yes

Volume

22

Issue number

15

Page range

5726-5726

Publication title

Sensors

ISSN

1424-8220

Publisher

MDPI AG

File version

  • Published version

Language

  • eng

Legacy posted date

2022-09-06

Legacy creation date

2022-09-06

Legacy Faculty/School/Department

Faculty of Science & Engineering