Professional Documents
Culture Documents
Cloud Security
Cloud Security
Cloud Computing
Ragib Hasan
Johns Hopkins University
en.600.412 Spring 2010
Lecture 2
02/01/2010
2/1/2010
Format:
Summary: A brief overview of the paper, 1 paragraph (5 / 6
sentences)
Pros: 3 or more issues
Cons: 3 or more issues
Possible improvements: Any possible suggestions to improve
the work
2/1/2010
Threat Model
A threat model helps in analyzing a security
problem, design mitigation strategies, and
evaluate solutions
Steps:
Identify attackers, assets, threats and other
components
Rank the threats
Choose mitigation strategies
Build solutions based on the strategies
2/1/2010
Threat Model
Basic components
Attacker modeling
Choose what attacker to consider
Attacker motivation and capabilities
Vulnerabilities / threats
2/1/2010
2/1/2010
SaaS / PaaS
Provider
Cloud Provider
(IaaS)
2/1/2010
Attackers
2/1/2010
Outsider?
Intruders
Network attackers?
2/1/2010
At cloud provider
Log client communication
2/1/2010
10
2/1/2010
11
Why not?
Cheaper to be honest?
Why? (again)
Third party clouds?
2/1/2010
12
2/1/2010
13
14
Assets
2/1/2010
15
2/1/2010
16
2/1/2010
17
2/1/2010
18
Threats
2/1/2010
19
Spoofing identity
Tampering with data
Repudiation
Information disclosure
Denial of service
Elevation of privilege
2/1/2010
20
Typical threats
Threat type
Mitigation technique
Spoofing identity
Authentication
Protect secrets
Do not store secrets
Authorization
Hashes
Message authentication codes
Digital signatures
Tamper-resistant protocols
Repudiation
Digital signatures
Timestamps
Audit trails
[STRIDE]
2/1/2010
21
Mitigation technique
Information disclosure
Denial of service
Elevation of privilege
Authorization
Privacy-enhanced protocols
Encryption
Protect secrets
Do not store secrets
Authentication
Authorization
Filtering
Throttling
Quality of service
Run with least privilege
[STRIDE]
2/1/2010
22
Summary
A threat model helps in designing appropriate
defenses against particular attackers
Your solution and security countermeasures
will depend on the particular threat model
you want to address
2/1/2010
23
Further Reading
Frank Swiderski and Window Snyder , Threat Modeling , Microsoft Press, 2004
The STRIDE Threat Model
2/1/2010
24