First Principles Vulnerability Assessment

Clouds and Grids offer significant challenges to providing secure infrastructure software. As part of a the authors' effort to secure such middleware, they present First Principles Vulner-ability Assessment (FPVA), a new analyst-centric (manual) technique that aims to focus the analyst's attention on the parts of the software system and its resources that are most likely to contain vulnerabilities that would provide access to high-value assets. FPVA finds new threats to a system and is not dependent on a list of known threats. Manual assessment is labor-intensive, making the use of automated assessment tools quite attractive.