Imperial College London

Professor Emil Lupu

Faculty of EngineeringDepartment of Computing

Professor of Computer Systems



e.c.lupu Website




564Huxley BuildingSouth Kensington Campus






BibTex format

author = {Sgandurra, D and Karafili, E and Lupu, EC},
doi = {10.1007/978-3-319-41483-6_18},
pages = {251--267},
publisher = {Springer International Publishing},
title = {Formalizing Threat Models for Virtualized Systems},
url = {},
year = {2016}

RIS format (EndNote, RefMan)

AB - We propose a framework, called FATHoM (FormAlizing THreat Models), to define threat models for virtualized systems. For each component of a virtualized system, we specify a set of security properties that defines its control responsibility, its vulnerability and protection states. Relations are used to represent how assumptions made about a component’s security state restrict the assumptions that can be made on the other components. FATHoM includes a set of rules to compute the derived security states from the assumptions and the components’ relations. A further set of relations and rules is used to define how to protect the derived vulnerable components. The resulting system is then analysed, among others, for consistency of the threat model. We have developed a tool that implements FATHoM, and have validated it with use-cases adapted from the literature.
AU - Sgandurra,D
AU - Karafili,E
AU - Lupu,EC
DO - 10.1007/978-3-319-41483-6_18
EP - 267
PB - Springer International Publishing
PY - 2016///
SN - 0302-9743
SP - 251
TI - Formalizing Threat Models for Virtualized Systems
UR -
UR -
ER -