Formalizing Threat Models for Virtualized Systems

Abstract: We propose a framework, called FATHoM (FormAlizing THreat Models), to define threat models for virtualized systems. For each component of a virtualized system, we specify a set of security properties that defines its control responsibility, its vulnerability and protection states. Relations are used to represent how assumptions made about a component’s security state restrict the assumptions that can be made on the other components. FATHoM includes a set of rules to compute the derived security states from the assumptions and the components’ relations. A further set of relations and rules is used to define how to protect the derived vulnerable components. The resulting system is then analysed, among others, for consistency of the threat model. We have developed a tool that implements FATHoM, and have validated it with use-cases adapted from the literature.
Document type:
Conference paper
Silvio Ranise; Vipin Swarup. 30th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2016, Trento, Italy. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9766, pp.251-267, 2016, Data and Applications Security and Privacy XXX. 〈10.1007/978-3-319-41483-6_18〉

Cited literature [15 references]

https://hal.inria.fr/hal-01633687
Contributor: Hal Ifip
Submitted on: Monday, November 13, 2017 - 11:46:50
Last modified on: Monday, November 13, 2017 - 11:48:22

File

Restricted access
File visible on: 2019-01-01


License

Distributed under a Creative Commons Attribution 4.0 International License


Citation

Daniele Sgandurra, Erisa Karafili, Emil Lupu. Formalizing Threat Models for Virtualized Systems. Silvio Ranise; Vipin Swarup. 30th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2016, Trento, Italy. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9766, pp.251-267, 2016, Data and Applications Security and Privacy XXX. 〈10.1007/978-3-319-41483-6_18〉. 〈hal-01633687〉


Metrics

Record views

19