【研究發展處訊】

資管系楊欣哲特聘教授發表最新期刊論文

Novel Attack Tree Analysis Scheme to Assess the Security Risks on the Cloud Platform

作者：Shin-Jer Yang and Ya-Hui Yeh

Journal of Internet Technology

卷：20  期：4  頁碼：1027-1036

出版日期：2019年7月 (SCI)

摘要：

The security issues derived from cloud platforms are more serious, and this identifiable vulnerability risk classifies the threat paths and identifies and assesses the possible attack paths. Therefore, we employ the basis of Extended Attack Tree (EAT) Analysis and further propose the Novel Attack Tree (NAT) Analysis scheme to calculate the threat and vulnerability events that affect the Cloud Platform Service Security incidents through the characteristics of the NAT Analysis to defend and detect these security events.

     This paper utilizes the NAT Analysis proves that it can effectively assess the risk value on the cloud platform. According to threat report of the Cloud Security Alliance (CSA), after it simulates the risk factors of the cloud platform to obtain the threat path, then performs quantitative analysis on the impact of assets with the NAT Analysis. Finally, it obtains the weight of the risk value and sorts the level according to the value and further illustrate the comparison with the EAT Analysis. The proposed NAT Analysis can improve an information security risk analysis that the EAT Analysis cannot fulfill, and it can also increase the availability of risk assessments and is expected to bring more secure cloud services to the Cloud platform.

Keywords - Novel Attack Tree Analysis; Cloud Security Risk Analysis; Information Security; Cloud Platform

(研究事務組小提醒)教師如有最新發表於AHCI、SSCI、SCI、EI、TSSCI、THCI、「東吳大學外語學門獎勵名單」之期刊論文，歡迎將相關資訊e-mail至rad@scu.edu.tw，研究發展處將會公告於校園頭條，以廣交流。

【文圖/研究事務組郭玟圻專員】