Using Taint Analysis for Threat Risk of Cloud Applications

Ping Wang, Wun Jie Chao, Kuo-Ming Chao, Chi-Chun Lo

    Research output: Chapter in Book/Report/Conference proceeding › Chapter

    Abstract

    Most existing approaches to developing cloud applications using threat analysis involve program vulnerability analyses for identifying the security holes associated with malware attacks. New malware attacks can bypass firewall-based detection by bypassing stack protection and by using Hypertext Transfer Protocol logging, kernel hacks, and library hack techniques, and to the cloud applications. In performing threat analysis for unspecified malware attacks, software engineers can use a taint analysis technique to track information flows between attack sources (malware) and detect vulnerabilities of targeted network applications. This paper proposes a threat risk analysis model incorporating an improved attack tree analysis scheme for solving the mobile security problem; in the model, Android programs perform taint checking to analyse the risks posed by suspicious applications. In probabilistic risk analysis, defence evaluation metrics are used for each attack path to help a defender simulate the attack results against malware attacks and estimate the impact losses. Finally, a case of threat analysis of a typical cyber security attack is presented to demonstrate the proposed approach.
    Original language: English
    Title of host publication: Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014
    Publisher: IEEE
    Pages: 185-190
    ISBN (Print): 978-147996563-2
    DOI: https://doi.org/10.1109/ICEBE.2014.40
    Publication status: Published - Dec 2014
    Event: 11th IEEE International Conference on E-Business Engineering - Guangzhou, China
    Duration: 5 Nov 2014 to 7 Nov 2014

    Conference

    Conference: 11th IEEE International Conference on E-Business Engineering
    Abbreviated title: ICEBE 2014
    Country: China
    City: Guangzhou
    Period: 5/11/14 to 7/11/14

    Bibliographical note

    This paper is not yet available on the repository

    Keywords

    • analysis
    • Attack defence tree
    • Cyber attacks
    • Taint checking
    • Threat
    • I

    Cite this

    Wang, P., Chao, W. J., Chao, K-M., & Lo, C-C. (2014). Using Taint Analysis for Threat Risk of Cloud Applications. In Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014 (pp. 185-190). IEEE. https://doi.org/10.1109/ICEBE.2014.40