Dynamic Threat Modeling For Internet-Facing Applications in Cloud Ecosystems

© 2024 by IJACT

Volume 2 Issue 1

Year of Publication : 2024

Author : Chaitanya Vootkuri

DOI : 10.56472/25838628/IJACT-V2I1P121

Citation :

Chaitanya Vootkuri, 2024. "Dynamic Threat Modeling For Internet-Facing Applications in Cloud Ecosystems", ESP International Journal of Advancements in Computational Technology (ESP-IJACT), Volume 2, Issue 1: 190-201.

Abstract :

The more a cloud services provider relies on Internet-facing applications, the more important their security becomes. As security challenges evolve, dynamic threat modelling is emerging as a critical methodology. Unlike static approaches, dynamic threat modelling incorporates real-time data and accommodates a threat landscape and architecture that change constantly. This paper explores principles and techniques for dynamic threat modelling of Internet-facing applications in cloud environments. These include identifying and prioritising potential attack vectors, using cloud-native tools for continuous monitoring, and applying machine learning to detect and predict threats. We also discuss integrating security automation frameworks such as Infrastructure as Code (IaC) scanning, container security, and runtime protection. Risk mitigation emphasis is placed on Distributed Denial of Service (DDoS), unauthorised access, and data breach risks faced by Internet-facing systems. This paper combines theoretical insights and practical implementations to give security professionals and cloud architects actionable guidance. The results show how dynamic threat modelling can provide significant resilience to cloud-based applications while maintaining operational agility.

Keywords :

Dynamic Threat Modelling, Internet-Facing Applications, Cloud Security, Threat Intelligence, Infrastructure as Code (IaC).