Visible to the public Biblio

Filters: Author is Casola, Valentina  [Clear All Filters]
2022-08-26
Casola, Valentina, Benedictis, Alessandra De, Mazzocca, Carlo, Montanari, Rebecca.  2021.  Toward Automated Threat Modeling of Edge Computing Systems. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :135—140.

Edge computing brings processing and storage capabilities closer to the data sources, to reduce network latency, save bandwidth, and preserve data locality. Despite the clear benefits, this paradigm brings unprecedented cyber risks due to the combination of the security issues and challenges typical of cloud and Internet of Things (IoT) worlds. Notwithstanding an increasing interest in edge security by academic and industrial communities, there is still no discernible industry consensus on edge computing security best practices, and activities like threat analysis and countermeasure selection are still not well established and are completely left to security experts.In order to cope with the need for a simplified yet effective threat modeling process, which is affordable in presence of limited security skills and economic resources, and viable in modern development approaches, in this paper, we propose an automated threat modeling and countermeasure selection strategy targeting edge computing systems. Our approach leverages a comprehensive system model able to describe the main involved architectural elements and the associated data flow, with a focus on the specific properties that may actually impact on the applicability of threats and of associated countermeasures.

2019-02-08
Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, Villano, Umberto.  2018.  A Security SLA-Driven Moving Target Defense Framework to Secure Cloud Applications. Proceedings of the 5th ACM Workshop on Moving Target Defense. :48-56.

The large adoption of cloud services in many business domains dramatically increases the need for effective solutions to improve the security of deployed services. The adoption of Security Service Level Agreements (Security SLAs) represents an effective solution to state formally the security guarantees that a cloud service is able to provide. Even if security policies declared by the service provider are properly implemented before the service is deployed and launched, the actual security level tends to degrade over time, due to the knowledge on the exposed attack surface that the attackers are progressively able to gain. In this paper, we present a Security SLA-driven MTD framework that allows MTD strategies to be applied to a cloud application by automatically switching among different admissible application configurations, in order to confuse the attackers and nullify their reconnaissance effort, while preserving the application Security SLA across reconfigurations.