ABSTRACT
The growing number of storage security breaches, as well as the need to adhere to government regulations, is driving the need for greater storage protection. However, there is a lack of a comprehensive process for designing storage protection solutions. Designing protection for storage systems is best done by utilizing proactive system engineering rather than reacting with ad hoc countermeasures to the latest attack du jour. The purpose of threat modeling is to organize system threats and vulnerabilities into general classes to be addressed with known storage protection techniques. Although there has been prior work on threat modeling, primarily for software applications, to our knowledge this is the first attempt at domain-specific threat modeling for storage systems. We discuss protection challenges unique to storage systems and propose two different processes for creating a threat model for storage systems: one based on classical security principles (Confidentiality, Integrity, Availability, Authentication, or CIAA) and another based on the Data Lifecycle Model. It is our hope that this initial work will start a discussion on how to better design and implement storage protection solutions against storage threats.
CITED BY 6
Nikolai Joukov, Harry Papaxenopoulos, Erez Zadok, Secure deletion myths, issues, and solutions, Proceedings of the second ACM workshop on Storage security and survivability, October 30-30, 2006, Alexandria, Virginia, USA
Avishay Traeger, Nikolai Joukov, Josef Sipek, Erez Zadok, Using free web storage for data backup, Proceedings of the second ACM workshop on Storage security and survivability, October 30-30, 2006, Alexandria, Virginia, USA