[论文解读] Semi-Automated Threat Modeling of Cloud-Based Systems Through Extracting Software Architecture from Configuration and Network Flow
本文提出一种基于运行时观测的推断体系结构的方法,并进行面向云端系统的连续、与平台无关的威胁建模(包括ML威胁),通过检测在裸机、Kubernetes和AWS上的17种注入威胁,效果优于静态扫描器。
Traditional threat modeling occurs during design, but cloud deployments introduce unanticipated threats, especially multi-stage attacks chaining vulnerabilities across trust boundaries. Existing security tools analyze components in isolation, cannot detect architectural threats from system composition, and cannot validate runtime behavior against configured policies. This gap leaves organizations vulnerable to attacks exploiting architectural weaknesses. This paper addresses this gap through a key innovation: automatically inferring system architecture from runtime observations to enable continuous threat modeling. Our methodology combines static configuration analysis with observed network flows to construct architecture graphs reflecting actual operational behavior, then applies systematic threat detection using platform-agnostic abstractions (components, domains, interfaces, access policies, flows). This enables consistent threat identification across bare metal, Kubernetes, and cloud infrastructure without manual diagram maintenance. We validate the methodology using a supply-chain system with ML components deployed on all three platforms, injecting 17 infrastructure and ML threats. Results show detection of all 17 threat types across all platforms, while existing security tools detected only 6-47% with zero ML threat coverage, confirming the necessity of runtime aware, architecture-level threat analysis.
研究动机与目标
- Motivate the need for continuous threat modeling that accounts for runtime behavior and architectural threats in cloud deployments.
- Propose a platform-agnostic method to infer system architecture from static configuration and runtime network flows.
- Map the inferred architecture to established threat modeling constructs and identify architectural threats.
- Enable automated, platform-specific mitigation planning and remediation artifacts.
- Evaluate cross-platform generalization using a supply-chain/ML-enabled CI/CD system deployed on bare metal, Kubernetes, and AWS.
提出的方法
- Infer architecture from runtime observations by integrating static configuration data with observed network flows to build architecture graphs.
- Represent the system with platform-agnostic constructs: domains, components, interfaces, policies, flows, and trust boundaries.
- Map architecture graphs to threat modeling constructs and apply threat frameworks (STRIDE, MITRE ATT&CK, OWASP ML/LLM Top 10) for threat identification.
- Correlate architectural threats with known vulnerabilities and threat intelligence feeds to enrich findings.
- Prioritize threats using risk scores, organizational policies, and a threat- mitigation knowledge base to produce automated remediation configurations.
- Operate the pipeline continuously to reflect evolving configurations and runtime behavior.
实验结果
研究问题
- RQ1Can architecture be reliably inferred from runtime observations and static configuration across different deployment platforms?
- RQ2Do platform-agnostic abstractions enable uniform threat detection across bare metal, Kubernetes, and cloud environments?
- RQ3Are ML/AI-specific threats detectable with platform-agnostic threat detection patterns across diverse infrastructures?
- RQ4How does runtime-aware threat modeling compare to static IaC/CSPM tools in terms of coverage of architectural threats?
- RQ5What automated mitigations can be generated that are actionable on each platform?
主要发现
- The methodology detected all 17 introduced threat types across bare-metal, Kubernetes, and AWS.
- Existing IaC scanners and CSPM tools detected only 6-47% of threats with zero ML threat coverage.
- ML-specific threats (T11-T17) were detected across all three platforms using platform-agnostic detection patterns.
- Across platforms, 49 threat instances were detected on bare-metal, 47 on Kubernetes, and all 17 threat types on AWS, illustrating cross-platform generalization.
- The approach yields an actionable mitigation plan with automated remediation configurations where possible.
更好的研究,从现在开始
从论文设计到论文写作,大幅缩短您的研究时间。
无需绑定信用卡
本解读由 AI 生成,并经人工编辑审核。