DOI: 10.1145/1103780.1103795

Toward a threat model for storage systems

Published: 11 November 2005

Abstract

The growing number of storage security breaches as well as the need to adhere to government regulations is driving the need for greater storage protection. However, there is a lack of a comprehensive process for designing storage protection solutions. Designing protection for storage systems is best done by utilizing proactive system engineering rather than reacting with ad hoc countermeasures to the latest attack du jour. The purpose of threat modeling is to organize system threats and vulnerabilities into general classes to be addressed with known storage protection techniques. Although there has been prior work on threat modeling primarily for software applications, to our knowledge this is the first attempt at domain-specific threat modeling for storage systems. We discuss protection challenges unique to storage systems and propose two different processes for creating a threat model for storage systems: one based on classical security principles (Confidentiality, Integrity, Availability, Authentication, or CIAA) and another based on the Data Lifecycle Model. It is our hope that this initial work will start a discussion on how to better design and implement storage protection solutions against storage threats.


Published In

StorageSS '05: Proceedings of the 2005 ACM workshop on Storage security and survivability
November 2005
150 pages
ISBN:159593233X
DOI:10.1145/1103780
Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. security
  2. storage system
  3. threat model

Qualifiers

  • Article

Conference

CCS05