An Automated Security Analysis Framework and Implementation for Cloud
作者: Masood Niazi Torshiz , Dong Seong Kim , Julian Jang-Jaccard , Hooman Alavizadeh , Hootan Alavizadeh
DOI:
关键词: Web application 、 Cloud computing 、 Graphical user interface 、 Attack surface 、 Distributed computing 、 Cloud computing security 、 Computer security model 、 Vulnerability 、 Security analysis 、 Computer science 、 Automation
摘要: Cloud service providers offer their customers with on-demand and cost-effective services, scalable computing, network infrastructures. Enterprises migrate services to the cloud utilize benefit of computing such as eliminating capital expense need. There are security vulnerabilities threats in cloud. Many researches have been proposed analyze using Graphical Security Models (GSMs) metrics. In addition, it has widely researched finding appropriate defensive strategies for Moving Target Defense (MTD) techniques can elasticity features change attack surface confuse attackers. Most previous work incorporating MTDs into GSMs theoretical performance was evaluated based on simulation. this paper, we realized framework designed, implemented tested a assessment tool real platform named UniteCloud. Our solution (1) monitor real-time, (2) automate modeling analysis visualize User Interface via web application, (3) deploy three MTD including Diversity, Redundancy, Shuffle infrastructure. We analyzed automation process APIs showed practicality feasibility deploying all
arxiv.org
harvard.edu参考文章(23)
Gustavo Gonzalez Granadillo, Hervé Débar, Grégoire Jacob, Chrystel Gaber, Mohammed Achemlal, Individual Countermeasure Selection Based on the Return On Response Investment Index Lecture Notes in Computer Science. ,vol. 7531, pp. 156- 170 ,(2012) , 10.1007/978-3-642-33704-8_14
Jin Bum Hong, Dong Seong Kim, HARMs: Hierarchical Attack Representation Models for Network Security Analysis australian information security management conference. pp. 74- 81 ,(2012) , 10.4225/75/57B559A3CD8DA
Igor Kotenko, Andrey Chechulin, None, Computer attack modeling and security evaluation based on attack graphs intelligent data acquisition and advanced computing systems: technology and applications. ,vol. 02, pp. 614- 619 ,(2013) , 10.1109/IDAACS.2013.6662998
Dimitrios Zissis, Dimitrios Lekkas, Addressing cloud computing security issues Future Generation Computer Systems. ,vol. 28, pp. 583- 592 ,(2012) , 10.1016/J.FUTURE.2010.12.006
Chun-Jen Chung, Pankaj Khatkar, Tianyi Xing, Jeongkeun Lee, Dijiang Huang, NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems IEEE Transactions on Dependable and Secure Computing. ,vol. 10, pp. 198- 211 ,(2013) , 10.1109/TDSC.2013.8
Arpan Roy, Dong Seong Kim, Kishor S. Trivedi, Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees Security and Communication Networks. ,vol. 5, pp. 929- 943 ,(2012) , 10.1002/SEC.299
Rinku Dewri, Indrajit Ray, Nayot Poolsappasit, Darrell Whitley, Optimal security hardening on attack tree models of networks: a cost-benefit analysis International Journal of Information Security. ,vol. 11, pp. 167- 188 ,(2012) , 10.1007/S10207-012-0160-Y
Peter Mell, Karen Scarfone, Sasha Romanosky, Common Vulnerability Scoring System ieee symposium on security and privacy. ,vol. 4, pp. 85- 89 ,(2006) , 10.1109/MSP.2006.145
Kyle Ingols, Matthew Chu, Richard Lippmann, Seth Webster, Stephen Boyer, Modeling Modern Network Attacks and Countermeasures Using Attack Graphs annual computer security applications conference. pp. 117- 126 ,(2009) , 10.1109/ACSAC.2009.21
B. Kordy, S. Mauw, S. Radomirovic, P. Schweitzer, Attack-Defense Trees Journal of Logic and Computation. ,vol. 24, pp. 55- 87 ,(2014) , 10.1093/LOGCOM/EXS029