RAID: high-performance, reliable secondary storage
ACM Computing Surveys (CSUR)
Proceedings of the ninth annual IFIP TC11 WG11.3 working conference on Database security IX : status and prospects: status and prospects
Deciding when to forget in the Elephant file system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Proceedings of the 2002 ACM symposium on Applied computing
Secrets & Lies: Digital Security in a Networked World
Secrets & Lies: Digital Security in a Networked World
Replication Does Survive Information Warfare Attacks
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Remembrance of Data Passed: A Study of Disk Sanitization Practices
IEEE Security and Privacy
Storage Security: Protecting, SANs, NAS and DAS
Storage Security: Protecting, SANs, NAS and DAS
Doc, Wyatt, and Virgil: prototyping storage jamming defenses
ACSAC '97 Proceedings of the 13th Annual Computer Security Applications Conference
Surviving information warfare attacks on databases
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Threat Modeling
Who Moved My Data? A Backup Tracking System for Dynamic Workstation Environments
LISA '04 Proceedings of the 18th USENIX conference on System administration
MSST '05 Proceedings of the 22nd IEEE / 13th NASA Goddard Conference on Mass Storage Systems and Technologies
Self-securing storage: protecting data in compromised system
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Storage-based intrusion detection: watching storage activity for suspicious behavior
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Shredding your garbage: reducing data lifetime through secure deallocation
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Protecting secret data from insider attacks
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
A statistical analysis of disclosed storage security breaches
Proceedings of the second ACM workshop on Storage security and survivability
Secure deletion myths, issues, and solutions
Proceedings of the second ACM workshop on Storage security and survivability
Using free web storage for data backup
Proceedings of the second ACM workshop on Storage security and survivability
Introducing secure provenance: problems and challenges
Proceedings of the 2007 ACM workshop on Storage security and survivability
Towards tamper-evident storage on patterned media
FAST'08 Proceedings of the 6th USENIX Conference on File and Storage Technologies
Towards a threat model for mobile ad-hoc networks
ISP'06 Proceedings of the 5th WSEAS International Conference on Information Security and Privacy
We have met the enemy and he is us
Proceedings of the 2008 workshop on New security paradigms
Insiders behaving badly: addressing bad actors and their actions
IEEE Transactions on Information Forensics and Security
Buffer cache level encryption for embedded secure operating system
EUC'07 Proceedings of the 2007 international conference on Embedded and ubiquitous computing
The security threats and corresponding measures to distributed storage systems
APPT'07 Proceedings of the 7th international conference on Advanced parallel processing technologies
ICMPV6 Vulnerability: The Importance of Threat Model and SF-ICMP6
International Journal of Mobile Computing and Multimedia Communications
Threat modeling of a mobile device management system for secure smart work
Electronic Commerce Research
Hi-index | 0.00 |
The growing number of storage security breaches as well as the need to adhere to government regulations is driving the need for greater storage protection. However, there is the lack of a comprehensive process to designing storage protection solutions. Designing protection for storage systems is best done by utilizing proactive system engineering rather than reacting with ad hoc countermeasures to the latest attack du jour. The purpose of threat modeling is to organize system threats and vulnerabilities into general classes to be addressed with known storage protection techniques. Although there has been prior work on threat modeling primarily for software applications, to our knowledge this is the first attempt at domain-specific threat modeling for storage systems. We discuss protection challenges unique to storage systems and propose two different processes to creating a threat model for storage systems: one based on classical security principles Confidentiality, Integrity, Availability, Authentication, or CIAA) and another based on the Data Lifecycle Model. It is our hope that this initial work will start a discussion on how to better design and implement storage protection solutions against storage threats.