TY  - GEN
A1  - Torkura, Kennedy A.
A1  - Sukmana, Muhammad Ihsan Haikal
A1  - Meinig, Michael
A1  - Kayem, Anne V. D. M.
A1  - Cheng, Feng
A1  - Meinel, Christoph
A1  - Graupner, Hendrik
T1  - Securing cloud storage brokerage systems through threat models
T2  - Proceedings IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA)
N2  - Cloud storage brokerage is an abstraction aimed at providing value-added services. However, Cloud Service Brokers are challenged by several security issues including enlarged attack surfaces due to integration of disparate components and API interoperability issues. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a Cloud Service Broker (CloudRAID) and analyze these security threats and risks. Furthermore, we propose an innovative technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs to cater for configuration-based vulnerabilities which are typically leveraged for attacking cloud storage systems. This approach is necessary since existing schemes do not provide sufficient security metrics, which are imperatives for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Our experimental evaluation shows that our approach caters for the aforementioned gaps and provides efficient security hardening options. Therefore, our proposals can be employed to improve cloud security.
KW  - Cloud-Security
KW  - Threat Models
KW  - Security Metrics
KW  - Security Risk Assessment
KW  - Secure Configuration
Y1  - 2018
SN  - 978-1-5386-2195-0
U6  - https://doi.org/10.1109/AINA.2018.00114
SN  - 1550-445X
SP  - 759
EP  - 768
PB  - IEEE
CY  - New York
ER  -