Work place: Department of Computer Science and IT Mulungushi University Kabwe 80415, Zambia
E-mail: vchama@mu.ac.zm
Website:
Research Interests: Software Design, Software Engineering, Information Security, Data Structures and Algorithms, Algorithm Design
Biography
Victoria Chama is currently a Staff Development Fellow (SDF) in the Department of Computer Science and Information Technology at Mulungushi University. She holds a Bachelor's Degree in Computer Science with a distinction from Mulungushi University obtained in 2016. She has experience in Spring Java, PHP, Oracle, SQL Databases and has participated in a number of consultancy projects. Her current research interests include Software Engineering, Interface Design and Information and Communications Security.
DOI: https://doi.org/10.5815/ijcnis.2018.03.04, Pub. Date: 8 Mar. 2018
Cyber attacks in cloud computing more often than not tend to exploit vulnerabilities and weaknesses found in the underlying structural components of the cloud. Such vulnerabilities and weaknesses have drawn interest from various attack profiles ranging from script kiddies to APTs. Regardless of the attack profile, cyber attackers have come to leverage the interdependencies exhibited amongst these vulnerabilities by chaining exploits together to effectuate complex interlinked attack paths. Such chaining of vulnerabilities in cloud components results in multi-stage attacks where the attacker traverses different segments of the cloud residing in different layers to reach the target. In this paper, we partition the cloud into three different layers to show how multi-stage attacks on Confidentiality, Integrity and Availability (CIA) interleave with the SaaS, PaaS and IaaS cloud computing service models. Further, we generate multi-stage attack paths based on the vulnerabilities exhibited in the components across the partitioned cloud layers. Furthermore, we model the constituents of multi-stage attack events as discrete random Bernoulli variables to characterize the attack path pursued by a given attack profile. We generate probability density curves of the associated resultant attack paths to infer on the nature of the attack and recommend a hierarchical security mitigation process based on the nature of the attack nodes.
[...] Read more.Subscribe to receive issue release notifications and newsletters from MECS Press journals