Skip to Main content Skip to Navigation

Generation and Dynamic Update of Attack Graphs in Cloud Providers Infrastructures

Abstract : In traditional environments, attack graphs can paint a picture of the security exposure of the environment. Indeed, they represent a model allowing to depict the many steps an attacker can take to compromise an asset. They can represent a basis for automated risk assessment, relying on an identification and valuation of critical assets in the network. This allows to design pro-active and reactive counter-measures for risk mitigation and can be leveraged for security monitoring and network hardening.Our thesis aims to apply a similar approach in Cloud environments, which implies to consider new challenges incurred by these modern infrastructures, since the majority of attack graph methods were designed with traditional environments in mind. Novel virtualization attack scenarios, as well as inherent properties of the Cloud, namely elasticity and dynamism are a cause for concern.To realize this objective, a thorough inventory of virtualization vulnerabilities was performed, for the extension of existing vulnerability templates. Based on an attack graph representation model suitable to the Cloud scale, we were able to leverage Cloud and SDN technologies, with the purpose of building Cloud attack graphs and maintain them in an up-to-date state. Algorithms able to cope with the frequent rate of change occurring in virtualized environments were designed and extensively tested on a real scale Cloud platform for performance evaluation, confirming the validity of the methods proposed in this thesis, in order to enable Cloud administrator to dispose of an up-to-date Cloud attack graph.
Complete list of metadata

Cited literature [144 references]  Display  Hide  Download
Contributor : ABES STAR :  Contact
Submitted on : Friday, June 5, 2020 - 4:10:27 PM
Last modification on : Wednesday, November 3, 2021 - 6:05:42 AM


Files produced by the author(s)


  • HAL Id : tel-02416305, version 2


Pernelle Mensah. Generation and Dynamic Update of Attack Graphs in Cloud Providers Infrastructures. Networking and Internet Architecture [cs.NI]. CentraleSupélec, 2019. English. ⟨NNT : 2019CSUP0011⟩. ⟨tel-02416305v2⟩



Record views


Files downloads