Toward a threat model for storage systems

  title={Toward a threat model for storage systems},
  author={Ragib Hasan and Suvda Myagmar and Adam J. Lee and William Yurcik},
  booktitle={ACM International Workshop on Storage Security And Survivability},
The growing number of storage security breaches as well as the need to adhere to government regulations is driving the need for greater storage protection. However, there is the lack of a comprehensive process to designing storage protection solutions. Designing protection for storage systems is best done by utilizing proactive system engineering rather than reacting with ad hoc countermeasures to the latest attack du jour. The purpose of threat modeling is to organize system threats and… 

Figures from this paper

Developing a Threat Model for Enterprise Storage Area Networks

  • C. DeCusatis
  • Computer Science
    2006 IEEE Information Assurance Workshop
  • 2006
This paper presents a method for quantifying risk, justifying security upgrade costs, and proactively assessing threats to an enterprise-class SAN, and suggests that a centralized approach to security management based on the host processor may be more effective than a distributed approach based in the edge of the network.

The Security Threats and Corresponding Measures to Distributed Storage Systems

There are various threats in distributed storage systems, but there is no comprehensive category. There are some research works on threat modeling and the challenges of protecting storage systems,

Distributed security storage model for large-scale data

A distributed security storage model can deal with the high concurrency and the complexity of large-scale data management in the distributed environment and provides confidentiality protection, integrity protection, and access permission control.

Addressing performance challenges in secure storage systems

The motivation for this dissertation is driven by the need to secure storage systems which cater to the performance demands of applications, which are becoming more data intensive and collaborative.

A Survey of Security Services and Techniques in Distributed Storage Systems

This paper identifies major security issues and requirements of data protection related to distributed data storage systems and classify the security services and techniques in existing or proposed storage systems.

A Novel Approach of Distributed Security Mechanism of Data Distribution in Distributed Environment

A new design and its implementation approach of automatically security algorithm over data partition in secure design, approach for transformation of partitioned data and it’s utilization of different datasets in secure manner are discussed.

Corslet: A shared storage system keeping your data private

The Bonnie++ and IOzone benchmark results show that the throughput of Corslet over NFS can achieve more than 90% of native NFS throughput in most tests, proving that Corslet can provide enhanced security for user data while maintaining acceptable performance.

Data security in cloud storage services

This paper proposes a novel data sharing mechanism that simultaneously achieves data confidentiality, fine-grained access control on encrypted data and user revocation by combining ciphertext policy attribute-based encryption (CPABE), and proxy re-encryption (PRE).



Trade-offs in protecting storage: a meta-data comparison of cryptographic, backup/versioning, immutable/tamper-proof, and redundant storage solutions

While different storage protection solutions may be appropriate for different requirements, some general conclusions can be made about current state-of-the-art storage protection Solutions as well as directions for future research.

Storage Security: Protecting SANs, NAS and DAS

Here is the ultimate storage security handbook from the nation's top security expert, renowned Hack Attacks author John Chirillo, to create a detailed blueprint for protecting vital storage systems, SANs, DAS, and NAS in detail.

Survivable Information Storage Systems

The PASIS architecture flexibly and efficiently combines proven technologies for constructing information storage systems whose availability, confidentiality and integrity policies can survive component failures and malicious attacks.

Protecting multimedia data in storage: a survey of techniques emphasizing encryption

This paper provides an overview of the prominent characteristics of several systems to provide a foundation for selecting the most appropriate solution for securely storing multimedia data, including theoretical approaches, prototype systems, and existing systems ready for employment.

The techniques and challenges of immutable storage with applications in multimedia

A survey of existing techniques for immutability in file systems is presented and it is apparent that critical system files and other important documents should never be changed and thus stored as immutable.

Threat Analysis of the Domain Name System (DNS)

This note attempts to document some of the known threats to the DNS, and attempts to measure to what extent (if any) DNSSEC is a useful tool in defending against these threats.

Storage-based Intrusion Detection: Watching Storage Activity for Suspicious Behavior

A prototype storage IDS, embedded in an NFS server, is described and evaluated to demonstrate both feasibility and efficiency of storage-based intrusion detection.

Threat Modeling as a Basis for Security Requirements

Prior to claiming the security of a system, it is important to identify the threats to the system in question to develop realistic and meaningful security requirements.

Self-securing storage: protecting data in compromised systems

This work combines log-structuring with journal-based metadata to minimize the performance costs of comprehensive versioning and shows that self-securing storage devices can deliver performance that is comparable with conventional storage systems.

Protecting Secret Data from Insider Attacks

This work investigates the problem of protecting secret data, assuming an attacker is inside a target network or has compromised a system, and proposes a solution, VAST, that uses large, structured files to improve the secure storage of valuable or secret data.