Abstract
The growing number of storage security breaches as well as
the need to adhere to government regulations is driving the
need for greater storage protection. However, there is the
lack of a comprehensive process to designing storage protection solutions. Designing protection for storage systems is
best done by utilizing proactive system engineering rather
than reacting with ad hoc countermeasures to the latest attack du jour. The purpose of threat modeling is to organize system threats and vulnerabilities into general classes
to be addressed with known storage protection techniques.
Although there has been prior work on threat modeling primarily for software applications, to our knowledge this is the
first attempt at domain-specific threat modeling for storage
systems. We discuss protection challenges unique to storage systems and propose two different processes to creating
a threat model for storage systems: one based on classical
security principles (Confidentiality, I ntegrity, Availability,
Authentication, or CIAA) and another based on the Data
Lifecycle Model. It is our hope that this initial work will
start a discussion on how to better design and implement
storage protection solutions against storage threats.
Collaboration
- William Yurcik, NCSA Storage Security and Survivability group, UIUC
- Suvda Myagmar and Adam Lee, UIUC
Publication
- Ragib Hasan, Suvda Myagmar, Adam J. Lee, and William Yurcik, " Toward a Threat Model for Storage Systems ," International Workshop on Storage Security and Survivability (StorageSS) in conjunction with 12th ACM Conference on Computer and Communications Security (CCS 2005) , November 11, 2005 .