CSBAuditor: Proactive Security Risk Analysis for Cloud Storage Broker Systems

Torkura, Kennedy A.; Sukmana, Muhammad I.H.; Strauss, Tim; Graupner, Hendrik; Cheng, Feng; Meinel, Christoph

doi:10.1109/nca.2018.8548329

Cited by 11 publications

(16 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1) CVSS: We extended our previous works on threat modeling and proactive risk analysis for cloud infrastructure, where we used the CVSS version 2 to score vulnerabilities in cloud infrastructure [32], [33]. The CVSS metrics are expressed using with base scores, which are numeric representations of risks, assessed in terms of severity [34], [35].…”

Section: B Security Risk Metricsmentioning

confidence: 99%

“…2) Deriving Security Metrics with CVSS: Let us consider how to compute security severity using the CVSS for two representative cloud attacks: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack [32], [33], [37].…”

Section: B Security Risk Metricsmentioning

confidence: 99%

“…1) Build A Hypothesis Around a Steady-state Behavior: Central to every chaos engineering experiment is the determination of a hypothesis about normalcy and abnormality, with corresponding measurable attributes. Thus, we exploited the concept of expected state [32] -the secure state of a cloud resource at time t o . Essentially, the expected state is known by the resource orchestration system.…”

Section: Applying Chaos Engineering With Rdfimentioning

confidence: 99%

“…Safety measures are required as a fundamental basis for recovering systems to steady states. We achieve this by employing the concept of expected states and cloud state [32]. These expected states are persisted and can be easily used to recover cloud environments to its secure states.…”

Section: ) Vary Real World Eventsmentioning

confidence: 99%

“…To ensure safety, the chaos monitor continuously monitors the progress of attacks to easily detect overwhelming effects due to fault injection. We employ techniques that afford reversibility of states as described in Section II-F. We leverage our previously developed system CSBAuditor [32], for maintaining continuous visibility of monitored cloud accounts. This is supported by a logging system based on Log4J 15 , and Cloud provider logging mechanisms: AWS CloudWatch and GCP Stackdriver.…”

Section: E Chaos Monitormentioning

confidence: 99%

See 4 more Smart Citations

Cloudstrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

Torkura¹

2020

Preprint

View full text Add to dashboard Cite

<div>Most cyber-attacks and data breaches in cloud</div><div>infrastructure are due to human errors and misconfiguration</div><div>vulnerabilities. Cloud customer-centric tools are lacking, and existing</div><div>security models do not efficiently tackle these security challenges.</div><div>Novel security mechanisms are imperative, therefore, we</div><div>propose Risk-driven Fault Injection (RDFI) techniques to tackle</div><div>these challenges. RDFI applies the principles of chaos engineering</div><div>to cloud security and leverages feedback loops to execute, monitor,</div><div>analyze and plan security fault injection campaigns, based on</div><div>a knowledge-base. The knowledge-base consists of fault models</div><div>designed from cloud security best practices and observations</div><div>derived during iterative fault injection campaigns. Furthermore,</div><div>the observations indicate security weaknesses and verify the</div><div>correctness of security attributes (integrity, confidentiality and</div><div>availability) and security controls. Ultimately this knowledge is</div><div>critical in guiding security hardening efforts and risk analysis.</div><div>We have designed and implemented the RDFI strategies including</div><div>various chaos algorithms as a software tool: CloudStrike. Furthermore,</div><div>CloudStrike has been evaluated against infrastructure</div><div>deployed on two major public cloud systems: Amazon Web Service</div><div>and Google Cloud Platform. The time performance linearly</div><div>increases, proportional to increasing attack rates. Similarly, CPU</div><div>and memory consumption rates are acceptable. Also, the analysis</div><div>of vulnerabilities detected via security fault injection has been</div><div>used to harden the security of cloud resources to demonstrate the</div><div>value of CloudStrike. Therefore, we opine that our approaches</div><div>are suitable for overcoming contemporary cloud security issues</div>

show abstract

Section: B Security Risk Metricsmentioning

confidence: 99%

Section: B Security Risk Metricsmentioning

confidence: 99%

Section: Applying Chaos Engineering With Rdfimentioning

confidence: 99%

Section: ) Vary Real World Eventsmentioning

confidence: 99%

Section: E Chaos Monitormentioning

confidence: 99%

See 3 more Smart Citations

Cloudstrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

Torkura¹

2020

Preprint

View full text Add to dashboard Cite

show abstract

A Brokerage Approach for Secure Multi-Cloud Storage Resource Management

Sukmana

Torkura

Prasetyo

et al. 2020

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Continuous auditing and threat detection in multi-cloud infrastructure

Torkura

Sukmana

Cheng

et al. 2021

Computers & Security

Self Cite

View full text Add to dashboard Cite

Efficient change control and configuration management is imperative for addressing the emerging security threats in cloud infrastructure. These threats majorly exploit misconfiguration vulnerabilities e.g. excessive permissions, disabled logging features and publicly accessible cloud storage buckets. Traditional security tools and mechanisms are unable to effectively and continuously track changes in cloud infrastructure owing to transience and unpredictability of cloud events. Therefore, novel tools that are proactive, agile and continuous are imperative. This paper proposes CSBAuditor, a novel cloud security system that continuously monitors cloud infrastructure, to detect malicious activities and unauthorized changes. CSBAuditor leverages two concepts: state transition analysis and reconciler pattern to overcome the aforementioned security issues. Furthermore, security metrics are used to compute severity scores for detected vulnerabilities using a novel scoring system: Cloud Security Scoring System. CSBAuditor has been evaluated using various strategies including security chaos engineering fault injection strategies on Amazon Web Services (AWS) and Google Cloud Platform (GCP). CSBAuditor effectively detects misconfigurations in real-time with a detection rate of over 98%. Also, the performance overhead is within acceptable limits.

show abstract

CSBAuditor: Proactive Security Risk Analysis for Cloud Storage Broker Systems

Cited by 11 publications

References 21 publications

Cloudstrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

Cloudstrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

A Brokerage Approach for Secure Multi-Cloud Storage Resource Management

Continuous auditing and threat detection in multi-cloud infrastructure

Contact Info

Product

Resources

About