完整後設資料紀錄
DC 欄位語言
dc.contributor.authorWang, Pingen_US
dc.contributor.authorChao, Wun Jieen_US
dc.contributor.authorChao, Kuo-Mingen_US
dc.contributor.authorLo, Chi-Chunen_US
dc.date.accessioned2016-03-28T00:05:45Z-
dc.date.available2016-03-28T00:05:45Z-
dc.date.issued2014-01-01en_US
dc.identifier.isbn978-1-4799-6563-2en_US
dc.identifier.issnen_US
dc.identifier.urihttp://dx.doi.org/10.1109/ICEBE.2014.40en_US
dc.identifier.urihttp://hdl.handle.net/11536/129836-
dc.description.abstractMost existing approaches to developing cloud applications using threat analysis involve program vulnerability analyses for identifying the security holes associated with malware attacks. New malware attacks can bypass firewall-based detection by bypassing stack protection and by using Hypertext Transfer Protocol logging, kernel hacks, and library hack techniques, and to the cloud applications. In performing threat analysis for unspecified malware attacks, software engineers can use a taint analysis technique for tracking information flows between attack sources (malware) and detect vulnerabilities of targeted network applications. This paper proposes a threat risk analysis model incorporating an improved attack tree analysis scheme for solving the mobile security problem; in the model, Android programs perform taint checking to analyse the risks posed by suspicious applications. In probabilistic risk analysis, defence evaluation metrics are used for each attack path for assisting a defender simulate the attack results against malware attacks and estimate the impact losses. Finally, a case of threat analysis of a typical cyber security attack is presented to demonstrate the proposed approach.en_US
dc.language.isoen_USen_US
dc.subjectCyber attacksen_US
dc.subjectThreaten_US
dc.subjectanalysisen_US
dc.subjectTaint checkingen_US
dc.subjectAttack defence treeen_US
dc.titleUsing Taint Analysis for Threat Risk of Cloud Applicationsen_US
dc.typeProceedings Paperen_US
dc.identifier.doi10.1109/ICEBE.2014.40en_US
dc.identifier.journal2014 IEEE 11TH INTERNATIONAL CONFERENCE ON E-BUSINESS ENGINEERING (ICEBE)en_US
dc.citation.spage185en_US
dc.citation.epage190en_US
dc.contributor.department資訊管理與財務金融系
註:原資管所+財金所
zh_TW
dc.contributor.departmentDepartment of Information Management and Financeen_US
dc.identifier.wosnumberWOS:000364094600028en_US
dc.citation.woscount0en_US
顯示於類別:會議論文