Bayesian attack graphs for platform virtualized infrastructures in clouds. (April 2020)
- Record Type:
- Journal Article
- Title:
- Bayesian attack graphs for platform virtualized infrastructures in clouds. (April 2020)
- Main Title:
- Bayesian attack graphs for platform virtualized infrastructures in clouds
- Authors:
- Asvija, B.
Eswari, R.
Bijoy, M.B. - Abstract:
- Abstract: Virtualization security is an important aspect to be carefully addressed while provisioning cloud services. In this paper, we propose a novel model using Bayesian Attack Graphs (BAG) to perform security risk assessment for platform virtualized infrastructures that are used for building cloud services. BAGs are powerful mechanisms that can be used to model the uncertainties inherent in security attacks. We build upon the reference conditional probability tables for the BAG nodes using the reported attacks on virtualized systems from the Common Vulnerabilities and Exposures (CVE) database. We employ Bayesian probabilistic inference techniques on the model presented and showcase the results obtained that can be used by system architects for the risk assessment of such infrastructures. In addition to the probabilistic model, we also present a deterministic approach with security metrics for attack graphs and derive the values for the modeled BAG, which can be used for assessing and comparing with other architectures. The approach described here to draw inferences from the BAG can be employed by system architects to find explanations to critical queries in security design and also to carefully select the countermeasures to be installed. The model can also be used to learn from future a-posteriori evidence data from actual security breaches to provide an efficient risk assessment.
- Is Part Of:
- Journal of information security and applications. Volume 51(2020)
- Journal:
- Journal of information security and applications
- Issue:
- Volume 51(2020)
- Issue Display:
- Volume 51, Issue 2020 (2020)
- Year:
- 2020
- Volume:
- 51
- Issue:
- 2020
- Issue Sort Value:
- 2020-0051-2020-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-04
- Subjects:
- Security -- Virtualization -- Bayesian attack graphs -- Risk assessment -- Cloud computing
Computer security -- Periodicals
Information technology -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/ ↗
- DOI:
- 10.1016/j.jisa.2020.102455 ↗
- Languages:
- English
- ISSNs:
- 2214-2126
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 19140.xml