Enabling Multi-Layer Threat Analysis in Dynamic Cloud Environments

Salman Manzoor, Antonios Gouglidis, Matthew Bradbury, and Neeraj Suri. Enabling Multi-Layer Threat Analysis in Dynamic Cloud Environments. IEEE Transactions on Cloud Computing, February 2024. doi:10.1109/TCC.2024.3365736.


Cloud systems are now highly pervasive and provide significant opportunities for adversaries to attack these systems. Therefore, there is a need to understand how attacks can be performed in a Cloud environment. It is important to perform this analysis for historical attacks — to analyse what happened and what alternate routes an adversary could have taken to reach their goals. However, it is also important to have a capability to perform speculative analysis in terms of what potential attacks could have been performed considering a specific set of vulnerabilities. Therefore, this work investigated modelling the dynamic cloud environment, threats to it and how an adversary could reach specific goals.

[Figure: Petri net modelling of information flow through the Cloud system.]

This work proposes to use a Petri net to model the environment. Petri nets were chosen as they provide convenient ways to model and analyse distributed systems. Using Petri net models of different threats, speculative analysis can be performed to identify different goals that an adversary could reach.

[Figure: Attack tree showing that an adversary can utilise different threats to reach different goals; potential attack paths based on the vulnerabilities chosen to evaluate.]

Importance

Understanding what goals an adversary could reach, and how, is an important aspect of knowing where to deploy mitigations. For example, this analysis could assist in applying the Cyber Kill Chain methodology by better understanding where applying mitigations is most effective.
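As an added illustration (not code from the paper), the following Python models a small cloud threat scenario as a place/transition Petri net, runs the speculative reachability analysis described above to find which adversary goals are reachable at all, and then checks which single threat step a mitigation would have to remove to block every goal. All place and transition names are constructed placeholders, not real vulnerabilities.

```python
from collections import deque

# Constructed example net: places are adversary capabilities or system states,
# transitions are abstract threat steps (hypothetical names, not real CVEs).
INITIAL = {"public_endpoint": 1}
GOALS = {"data_exfiltrated", "service_disrupted"}
TRANSITIONS = {  # name: (input places, output places); one token per arc
    "t1_web_compromise":    ({"public_endpoint"},   {"tenant_vm_access"}),
    "t2_vm_escape":         ({"tenant_vm_access"},  {"hypervisor_access"}),
    "t3_cross_tenant_read": ({"hypervisor_access"}, {"storage_access"}),
    "t4_exfiltration":      ({"storage_access"},    {"data_exfiltrated"}),
    "t5_disruption":        ({"hypervisor_access"}, {"service_disrupted"}),
}

def fire(marking, inputs, outputs):
    """Return the marking after firing the transition, or None if it is not enabled."""
    if any(marking.get(p, 0) < 1 for p in inputs):
        return None
    new = dict(marking)
    for p in inputs:
        new[p] -= 1
    for p in outputs:
        new[p] = new.get(p, 0) + 1
    return {p: n for p, n in new.items() if n > 0}

def reachable_markings(initial, transitions, limit=10_000):
    """Breadth-first exploration of the reachability graph, bounded by `limit` markings."""
    start = frozenset(initial.items())
    seen, queue = {start}, deque([start])
    while queue and len(seen) < limit:
        marking = dict(queue.popleft())
        for inputs, outputs in transitions.values():
            nxt = fire(marking, inputs, outputs)
            if nxt is not None:
                key = frozenset(nxt.items())
                if key not in seen:
                    seen.add(key)
                    queue.append(key)
    return seen

def reachable_goals(initial, transitions, goals):
    """Speculative analysis: which adversary goals appear in some reachable marking?"""
    marked = {p for m in reachable_markings(initial, transitions) for p, _ in m}
    return marked & goals

def blocking_mitigations(initial, transitions, goals):
    """Threat steps whose removal alone (one mitigation) makes every goal unreachable."""
    return sorted(t for t in transitions
                  if not reachable_goals(initial, {k: v for k, v in transitions.items() if k != t}, goals))
```

Because both goal branches consume the single `hypervisor_access` token, the analysis finds each goal reachable on its own path while only the two early steps are single points where a mitigation blocks everything.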

Perspectives

Vulnerability databases (such as CVE) are very useful in the way in which they document vulnerabilities. However, because these entries lack a technical specification, the impact of a vulnerability must be specified manually before it can be used in this analysis. Future work in this area could consider formal specification of vulnerabilities (either in terms of the vulnerability itself or its impact) as part of their reporting.

Extends

This paper extends a previous shorter paper:
Salman Manzoor, Antonios Gouglidis, Matthew Bradbury, and Neeraj Suri. Poster: Multi-Layer Threat Analysis of the Cloud. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS’22, 3419–3421. Los Angeles, CA, USA, 7–11 November 2022. ACM. doi:10.1145/3548606.3563515.