Data-Driven Threat Analysis for Ensuring Security in Cloud Enabled Systems

Alwaheidi, Mohammed KS ORCID logoORCID: https://orcid.org/0000-0002-4457-8774 and Islam, Shareeful ORCID logoORCID: https://orcid.org/0000-0003-0885-1881 (2022) Data-Driven Threat Analysis for Ensuring Security in Cloud Enabled Systems. Sensors, 22 (15). p. 5726. ISSN 1424-8220

[img]
Preview
Text
Published Version
Available under the following license: Creative Commons Attribution.

Download (8MB) | Preview
Official URL: https://www.mdpi.com/1424-8220/22/15/5726

Abstract

Cloud computing offers many benefits including business flexibility, scalability and cost savings but despite these benefits, there exist threats that require adequate attention for secure service delivery. Threats in a cloud-based system need to be considered from a holistic perspective that accounts for data, application, infrastructure and service, which can pose potential risks. Data certainly plays a critical role within the whole ecosystem and organisations should take account of and protect data from any potential threats. Due to the variation of data types, status, and location, understanding the potential security concerns in cloud-based infrastructures is more complex than in a traditional system. The existing threat modeling approaches lack the ability to analyse and prioritise data-related threats. The main contribution of the paper is a novel data-driven threat analysis (d-TM) approach for the cloud-based systems. The main motivation of d-TM is the integration of data from three levels of abstractions, i.e., management, control, and business and three phases, i.e., storage, process and transmittance, within each level. The d-TM provides a systematic flow of attack surface analysis from the user agent to the cloud service provider based on the threat layers in cloud computing. Finally, a cloud-based use case scenario was used to demonstrate the applicability of the proposed approach. The result shows that d-TM revealed four critical threats out of the seven threats based on the identified assets. The threats targeted management and business data in general, while targeting data in process and transit more specifically.

Item Type: Journal Article
Keywords: Science & Technology, Physical Sciences, Technology, Chemistry, Analytical, Engineering, Electrical & Electronic, Instruments & Instrumentation, Chemistry, Engineering, threat modelling, data level, cloud based system, data flow diagram, control, cloud service provider
Faculty: Faculty of Science & Engineering
SWORD Depositor: Symplectic User
Depositing User: Symplectic User
Date Deposited: 06 Sep 2022 10:40
Last Modified: 06 Sep 2022 10:45
URI: https://arro.anglia.ac.uk/id/eprint/707876

Actions (login required)

Edit Item Edit Item