Abstract
—Most existing approaches to developing cloud
applications using threat analysis involve program
vulnerability analyses for identifying the security holes
associated with malware attacks. New malware attacks can
bypass firewall-based detection by bypassing stack protection
and by using Hypertext Transfer Protocol logging, kernel
hacks, and library hack techniques, and to the cloud
applications. In performing threat analysis for unspecified
malware attacks, software engineers can use a taint analysis
technique for tracking information flows between attack
sources (malware) and detect vulnerabilities of targeted
network applications. This paper proposes a threat risk
analysis model incorporating an improved attack tree analysis
scheme for solving the mobile security problem; in the model,
Android programs perform taint checking to analyse the risks
posed by suspicious applications. In probabilistic risk analysis,
defence evaluation metrics are used for each attack path for
assisting a defender simulate the attack results against
malware attacks and estimate the impact losses. Finally, a case
of threat analysis of a typical cyber security attack is presented
to demonstrate the proposed approach.
Original language | English |
---|---|
Title of host publication | Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014 |
Publisher | IEEE |
Pages | 185-190 |
ISBN (Print) | 978-147996563-2 |
DOIs | |
Publication status | Published - Dec 2014 |
Event | 11th IEEE International Conference on E-Business Engineering - Guangzhou, China Duration: 5 Nov 2014 → 7 Nov 2014 |
Conference
Conference | 11th IEEE International Conference on E-Business Engineering |
---|---|
Abbreviated title | ICEBE 2014 |
Country/Territory | China |
City | Guangzhou |
Period | 5/11/14 → 7/11/14 |
Bibliographical note
This paper is not yet available on the repositoryKeywords
- analysis
- Attack defence tree
- Cyber attacks
- Taint checking
- Threat
- I