Novel Attack Tree Analysis Scheme to Assess the Security Risks on the Cloud Platform
作者：Shin-Jer Yang and Ya-Hui Yeh
Journal of Internet Technology
卷：20 期：4 頁碼：1027-1036
The security issues derived from cloud platforms are more serious, and this identifiable vulnerability risk classifies the threat paths and identifies and assesses the possible attack paths. Therefore, we employ the basis of Extended Attack Tree (EAT) Analysis and further propose the Novel Attack Tree (NAT) Analysis scheme to calculate the threat and vulnerability events that affect the Cloud Platform Service Security incidents through the characteristics of the NAT Analysis to defend and detect these security events.
This paper utilizes the NAT Analysis proves that it can effectively assess the risk value on the cloud platform. According to threat report of the Cloud Security Alliance (CSA), after it simulates the risk factors of the cloud platform to obtain the threat path, then performs quantitative analysis on the impact of assets with the NAT Analysis. Finally, it obtains the weight of the risk value and sorts the level according to the value and further illustrate the comparison with the EAT Analysis. The proposed NAT Analysis can improve an information security risk analysis that the EAT Analysis cannot fulfill, and it can also increase the availability of risk assessments and is expected to bring more secure cloud services to the Cloud platform.
Keywords - Novel Attack Tree Analysis; Cloud Security Risk Analysis; Information Security; Cloud Platform