Security Threat Modelling With Bayesian Networks and Sensitivity Analysis for IAAS Virtualization Stack
Open Access
- 1 July 2021
- journal article
- research article
- Published by IGI Global in Journal of Organizational and End User Computing
- Vol. 33 (4), 44-69
- https://doi.org/10.4018/joeuc.20210701.oa3
Abstract
Designing security mechanisms for cloud computing infrastructures has assumed importance with the widespread adoption of public clouds. Virtualization security is a crucial component of the overall cloud infrastructure security. In this article, the authors employ the concept of Bayesian networks and attack graphs to carry out sensitivity analysis on the different components involved in virtualization security for infrastructure as a service (IaaS) cloud infrastructures. They evaluate the Bayesian attack graph (BAG) for the IaaS model to reveal the sensitive regions and thus help the administrators to secure the high risk components in the stack. They present a formal definition of the sensitivity analysis and then evaluate using the BAG model for IaaS stack. The model and analysis presented here can also be used by security analysts and designers to make a selection of the security solutions based on the risk profile of vulnerable nodes and the corresponding cost involved in adding a defense against the identified vulnerabilities.Keywords
This publication has 19 references indexed in Scilit:
- Efficient Attack Graph Analysis through Approximate InferenceACM Transactions on Privacy and Security, 2017
- Cache Attacks Enable Bulk Key Recovery on the CloudPublished by Springer Science and Business Media LLC ,2016
- Virtualization layer security challenges and intrusion detection/prevention systems in cloud computing: a comprehensive reviewThe Journal of Supercomputing, 2016
- Threat as a Service?: Virtualization's Impact on Cloud SecurityIT Professional, 2011
- Dynamic Security Risk Management Using Bayesian Attack GraphsIEEE Transactions on Dependable and Secure Computing, 2011
- Extending Attack Graph-Based Security Metrics and Aggregating Their ApplicationIEEE Transactions on Dependable and Secure Computing, 2010
- Detecting (and creating !) a HVM rootkit (aka BluePill-like)Journal of Computer Virology and Hacking Techniques, 2009
- Parameterisation and evaluation of a Bayesian network for use in an ecological risk assessmentEnvironmental Modelling & Software, 2007
- Network vulnerability assessment using Bayesian networksPublished by SPIE-Intl Soc Optical Eng ,2005
- A distance measure for bounding probabilistic belief changeInternational Journal of Approximate Reasoning, 2005