
Authors: Daniele Granata and Massimiliano Rak

Affiliation: Department of Engineering, University of Campania Luigi Vanvitelli, Aversa, Italy

Keyword(s): Threat Modeling, Risk Analysis, Threat Agent, Protocols.

Abstract: Cloud service architectures are very heterogeneous and commonly rely on components managed by third parties. As a consequence, the security verification of these architectures is a complex and costly process. Moreover, the development of applications that run in the cloud should take into account agile software design and development methodologies and a very short time-to-market, which are often incompatible with deep security testing. This article aims to address these issues by proposing a technique, compatible with Security-By-Design methodologies, that automates the threat modeling and risk evaluation of a system, reducing costs and requiring a limited set of security skills. Through the proposed approach, the software system is analysed to identify the threats that affect the system's technical assets, rank the level of risk associated with each threat, and suggest a set of countermeasures in standard terms; the process requires minimal user interaction. The proposed technique was implemented in a dedicated tool and, when correctly integrated into development processes, can significantly reduce the need for costly security experts and shorten the time needed to execute a full system security assessment. To validate the technique, we compared our results with approaches available in the literature and with existing tools.

CC BY-NC-ND 4.0


Paper citation in several formats:
Granata, D. and Rak, M. (2021). Design and Development of a Technique for the Automation of the Risk Analysis Process in IT Security. In Proceedings of the 11th International Conference on Cloud Computing and Services Science - CLOSER; ISBN 978-989-758-510-4; ISSN 2184-5042, SciTePress, pages 87-98. DOI: 10.5220/0010455200870098

@conference{closer21,
author={Daniele Granata and Massimiliano Rak},
title={Design and Development of a Technique for the Automation of the Risk Analysis Process in IT Security},
booktitle={Proceedings of the 11th International Conference on Cloud Computing and Services Science - CLOSER},
year={2021},
pages={87-98},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010455200870098},
isbn={978-989-758-510-4},
issn={2184-5042},
}

TY - CONF

JO - Proceedings of the 11th International Conference on Cloud Computing and Services Science - CLOSER
TI - Design and Development of a Technique for the Automation of the Risk Analysis Process in IT Security
SN - 978-989-758-510-4
IS - 2184-5042
AU - Granata, D.
AU - Rak, M.
PY - 2021
SP - 87
EP - 98
DO - 10.5220/0010455200870098
PB - SciTePress