A Risk Assessment Study: Encircling Docker Container Assets on IaaS Cloud Computing Topology
MohammmadHafizHersya
About This Presentation
International Conference of Cloud and Internet of Things 2023 - Portugal, slide
Added: May 07, 2024
Slide Content
For the Glory of the Nation
6th Conference on Cloud and Internet of Things
March 20-22, 2023
A Risk Assessment Study: Encircling Docker Container Assets on IaaS Cloud Computing Topology
Mohammad Hafiz Hersyah
Nara Institute of Science and Technology
Introduction
Cloud is synonymously embedded in virtualization technology and is one of the most versatile pioneers that have brought focal points on the global stage.
Container orchestration is a veritable case of how to secure and manage a lifecycle that is able to provide automation in deploying multiple tasks.
The ultimate aspect for business customers is the provision of guarantees to certify an exceptional level of IT security for numerous IT components.
Introduction
The articulate utilization of Docker container assets in Cloud Computing is one strategic pivotal aspect of the underlying rationale for customers to conjecture on their ventures.
Introduction (2)
The further development of these information-based techniques means that a greater share of enterprises adopt approaches to boost efficiency and competitiveness. However, [4-7] argued that such advancement would attract attack techniques that lead to security breaches, in which resources are taken over to conduct illegal activities.
Q. Hong et al., "An information security risk assessment method based on conduct effect and dynamic threat," 2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS), 2017, pp. 782-786, DOI: 10.1109/ICSESS.2017.8343029.
M. T. Riaz, M. Shah Jahan, K. S. Arif, and W. Haider Butt, "Risk Assessment on Software Development using Fishbone Analysis," 2019 International Conference on Data and Software Engineering (ICoDSE), 2019, pp. 1-6, DOI: 10.1109/ICoDSE48700.2019.9092727.
J. Menezes, C. Gusmão, and H. Moura, "Risk factors in software development projects: a systematic literature review," Software Quality Journal, November 07, 2018.
Klipper, S. (2011). ISO/IEC 27005. In: Information Security Risk Management. Vieweg+Teubner. https://doi.org/10.1007/97838348987083
Contribution
• Resolving a specific risk assessment calculation methodology for Docker container infrastructure.
• Administering experimentation with the proposed risk calculation methodology and investigating the risk rating score.
• Recommending a series of risk treatments for both the Cloud Service Provider and the Cloud Service Customer to lower the risk rating to an acceptable level.
Proposed Risk Assessment
Proposed Risk Assessment Experimentation
This section utilizes a threat group called TeamTNT, which has targeted cloud and containerized environments by deploying XMRig and using RainbowMiner and lolMiner Docker images to mine cryptocurrency.
Active Assets Value - AAV
Combines assets by calculating the average of the elements of CIA scores using AHP (Analytic Hierarchy Process) and asset valuation using a partial dependency matrix.
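The AHP step named on this slide can be sketched as follows; this is an added example, not code or figures from the presentation. It assumes constructed pairwise judgments for C, I and A, a 1-5 CIA scale, hypothetical asset names, the row geometric-mean approximation of the AHP eigenvector, and Saaty's usual 0.10 consistency-ratio cut-off; the partial dependency matrix step is not covered.

```python
import math

# Saaty's random consistency index (RI) by matrix size.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12}

def ahp_weights(matrix):
    """Return (weights, consistency_ratio) for a reciprocal pairwise matrix."""
    n = len(matrix)
    if n not in RANDOM_INDEX:
        raise ValueError("this sketch handles 3 to 5 criteria")
    for i in range(n):
        for j in range(n):
            if not math.isclose(matrix[i][j] * matrix[j][i], 1.0):
                raise ValueError(f"judgments ({i}, {j}) are not reciprocal")
    # Row geometric means approximate the principal eigenvector.
    geo = [math.prod(row) ** (1.0 / n) for row in matrix]
    weights = [g / sum(geo) for g in geo]
    # Estimate lambda_max from (A.w)_i / w_i, then derive CI and CR.
    aw = [sum(a * w for a, w in zip(row, weights)) for row in matrix]
    lambda_max = sum(x / w for x, w in zip(aw, weights)) / n
    ci = (lambda_max - n) / (n - 1)
    return weights, ci / RANDOM_INDEX[n]

def weighted_cia(cia, matrix, max_cr=0.10):
    """AHP-weighted average of (C, I, A) scores; reject inconsistent judgments."""
    weights, cr = ahp_weights(matrix)
    if cr > max_cr:
        raise ValueError(f"consistency ratio {cr:.2f} exceeds {max_cr}")
    return sum(w * s for w, s in zip(weights, cia))

# Constructed judgments, order (C, I, A): C is 2x I and 3x A; I is 2x A.
JUDGMENTS = [[1, 2, 3], [1 / 2, 1, 2], [1 / 3, 1 / 2, 1]]
# Constructed CIA scores on an assumed 1-5 scale for hypothetical assets.
ASSETS = {"docker-daemon": (4, 5, 3), "image-registry": (3, 5, 4)}

if __name__ == "__main__":
    weights, cr = ahp_weights(JUDGMENTS)
    print("weights (C, I, A):", [round(w, 3) for w in weights])
    print("consistency ratio:", round(cr, 3))
    for name, cia in ASSETS.items():
        print(name, round(weighted_cia(cia, JUDGMENTS), 2))
```

Judgments that contradict each other (for example C over I, I over A, and A over C) push the consistency ratio above the cut-off and are rejected rather than silently averaged.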
AHP (Analytic Hierarchy Process) and Partial Dependency Matrix
Active Assets Value - AAV
Active Threat Impact - ATI
Identifying threat sources is the first step in Active Threat Impact, which estimates the scales of threat impact using a portion of EBIOS Risk Manager and CVSS (Common Vulnerability Scoring System) scores.
Active Threat Impact - ATI
Active Vulnerability Value - AVV
Vulnerability in this paper assumes that the impact and exploitability from the adversary party merge with a summary of the average from adversary intent (Ai), adversary capability (Ac), and adversary targeting (At).
Active Vulnerability Value - AVV
Risk Rating and Treatments
Risk Rating
To reduce the risk rating to an acceptable level (Low), with a threshold value of 2.0, a preventive and/or mitigating measure should be devised, depending on the active threat impact, to counter it properly. The risk treatment should also refer to the risk appetite and decide which of the "4T" activities represents it given the threat impact: "Tolerate, Treat, Transfer, Terminate".