Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

Toward a threat model for storage systems

Hasan, R and Myagmar, S and Lee, AJ and Yurcik, W (2005) Toward a threat model for storage systems. In: UNSPECIFIED UNSPECIFIED, 94 - 102. ISBN 159593233X, 9781595932334

[img] Plain Text (licence)
Available under License : See the attached license file.

Download (1kB)


The growing number of storage security breaches as well as the need to adhere to government regulations is driving the need for greater storage protection. However, there is the lack of a comprehensive process to designing storage protection solutions. Designing protection for storage systems is best done by utilizing proactive system engineering rather than reacting with ad hoc countermeasures to the latest attack du jour. The purpose of threat modeling is to organize system threats and vulnerabilities into general classes to be addressed with known storage protection techniques. Although there has been prior work on threat modeling primarily for software applications, to our knowledge this is the first attempt at domain-specific threat modeling for storage systems. We discuss protection challenges unique to storage systems and propose two different processes to creating a threat model for storage systems: one based on classical security principles (Confidentiality, Integrity, Availability, Authentication, or CIAA) and another based on the Data Lifecycle Model. It is our hope that this initial work will start a discussion on how to better design and implement storage protection solutions against storage threats. Copyright 2005 ACM.


Social Networking:
Share |


Item Type: Book Section
Status: Published
CreatorsEmailPitt UsernameORCID
Hasan, R
Myagmar, S
Lee, AJadamlee@pitt.eduADAMLEE
Yurcik, W
Date: 1 December 2005
Date Type: Publication
Journal or Publication Title: StorageSS'05 - Proceedings of the 2005 ACM Workshop on Storage Security and Survivability
Page Range: 94 - 102
Event Type: Conference
DOI or Unique Handle: 10.1145/1103780.1103795
Schools and Programs: Dietrich School of Arts and Sciences > Computer Science
Refereed: Yes
ISBN: 159593233X, 9781595932334
Date Deposited: 05 Dec 2012 20:02
Last Modified: 02 Feb 2019 16:56


Monthly Views for the past 3 years

Plum Analytics

Actions (login required)

View Item View Item