Securing Cloud Storage Brokerage Systems Through Threat Models

Torkura, Kennedy A.; Sukmana, Muhammad I.H.; Meinig, Michael; Kayem, Anne V. D. M.; Cheng, Feng; Graupner, Hendrik; Meinel, Christoph

doi:10.1109/aina.2018.00114

Cited by 12 publications

(14 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We extended our previous works on threat modeling and proactive risk analysis for cloud infrastructure, where we used the CVSS version 2 to score vulnerabilities in cloud infrastructure [34], [35]. The CVSS metrics are expressed using with base scores, which are numeric representations of risks, assessed in terms of severity [36], [37].…”

Section: ) Cvssmentioning

confidence: 99%

CloudStrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

et al. 2020

Self Cite

View full text Add to dashboard Cite

Most cyber-attacks and data breaches in cloud infrastructure are due to human errors and misconfiguration vulnerabilities. Cloud customer-centric tools are imperative for mitigating these issues, however existing cloud security models are largely unable to tackle these security challenges. Therefore, novel security mechanisms are imperative, we propose Risk-driven Fault Injection (RDFI) techniques to address these challenges. RDFI applies the principles of chaos engineering to cloud security and leverages feedback loops to execute, monitor, analyze and plan security fault injection campaigns, based on a knowledge-base. The knowledge-base consists of fault models designed from secure baselines, cloud security best practices and observations derived during iterative fault injection campaigns. These observations are helpful for identifying vulnerabilities while verifying the correctness of security attributes (integrity, confidentiality and availability). Furthermore, RDFI proactively supports risk analysis and security hardening efforts by sharing security information with security mechanisms. We have designed and implemented the RDFI strategies including various chaos engineering algorithms as a software tool: CloudStrike. Several evaluations have been conducted with CloudStrike against infrastructure deployed on two major public cloud infrastructure: Amazon Web Services and Google Cloud Platform. The time performance linearly increases, proportional to increasing attack rates. Also, the analysis of vulnerabilities detected via security fault injection has been used to harden the security of cloud resources to demonstrate the effectiveness of the security information provided by CloudStrike. Therefore, we opine that our approaches are suitable for overcoming contemporary cloud security issues.

show abstract

Section: ) Cvssmentioning

confidence: 99%

CloudStrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

et al. 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…1) CVSS: We extended our previous works on threat modeling and proactive risk analysis for cloud infrastructure, where we used the CVSS version 2 to score vulnerabilities in cloud infrastructure [32], [33]. The CVSS metrics are expressed using with base scores, which are numeric representations of risks, assessed in terms of severity [34], [35].…”

Section: B Security Risk Metricsmentioning

confidence: 99%

“…2) Deriving Security Metrics with CVSS: Let us consider how to compute security severity using the CVSS for two representative cloud attacks: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack [32], [33], [37].…”

Section: B Security Risk Metricsmentioning

confidence: 99%

Cloudstrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

Torkura¹

2020

Preprint

View full text Add to dashboard Cite

<div>Most cyber-attacks and data breaches in cloud</div><div>infrastructure are due to human errors and misconfiguration</div><div>vulnerabilities. Cloud customer-centric tools are lacking, and existing</div><div>security models do not efficiently tackle these security challenges.</div><div>Novel security mechanisms are imperative, therefore, we</div><div>propose Risk-driven Fault Injection (RDFI) techniques to tackle</div><div>these challenges. RDFI applies the principles of chaos engineering</div><div>to cloud security and leverages feedback loops to execute, monitor,</div><div>analyze and plan security fault injection campaigns, based on</div><div>a knowledge-base. The knowledge-base consists of fault models</div><div>designed from cloud security best practices and observations</div><div>derived during iterative fault injection campaigns. Furthermore,</div><div>the observations indicate security weaknesses and verify the</div><div>correctness of security attributes (integrity, confidentiality and</div><div>availability) and security controls. Ultimately this knowledge is</div><div>critical in guiding security hardening efforts and risk analysis.</div><div>We have designed and implemented the RDFI strategies including</div><div>various chaos algorithms as a software tool: CloudStrike. Furthermore,</div><div>CloudStrike has been evaluated against infrastructure</div><div>deployed on two major public cloud systems: Amazon Web Service</div><div>and Google Cloud Platform. The time performance linearly</div><div>increases, proportional to increasing attack rates. Similarly, CPU</div><div>and memory consumption rates are acceptable. Also, the analysis</div><div>of vulnerabilities detected via security fault injection has been</div><div>used to harden the security of cloud resources to demonstrate the</div><div>value of CloudStrike. Therefore, we opine that our approaches</div><div>are suitable for overcoming contemporary cloud security issues</div>

show abstract

“…Let us consider how to compute security severity using the CVSS for three representative cloud attacks: Cloud Storage Enumeration Attack, Cloud Storage Exploitation Attack [57,56,9] and Credential Report Abuse. [14], to construct possible keywords that are relevant to the target e.g.…”

Section: Deriving Security Metrics With Cvssmentioning

confidence: 99%

Continuous Auditing & Threat Detection in Multi-Cloud Infrastructure

Torkura¹,

Sukmana²,

Cao³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

<div>Efficient change control and configuration management is imperative for addressing the emerging</div><div>security threats in cloud infrastructure. These threats majorly exploit misconfiguration vulnerabilities</div><div>e.g. excessive permissions, disabled logging features and publicly accessible cloud storage buckets.</div><div>Traditional security tools and mechanisms are unable to effectively and continuously track changes in</div><div>cloud infrastructure owing to transience and unpredictability of cloud events. Therefore, novel tools</div><div>that are proactive, agile and continuous are imperative. This paper proposes CSBAuditor, a novel cloud</div><div>security system that continuously monitors cloud infrastructure, to detect malicious activities and</div><div>unauthorized changes. CSBAuditor leverages two concepts: state transition analysis and reconciler</div><div>pattern to overcome the aforementioned security issues. Furthermore, security metrics are used to</div><div>compute severity scores for detected vulnerabilities using a novel scoring system: Cloud Security</div><div>Scoring System. CSBAuditor has been evaluated using various strategies including security chaos</div><div>engineering fault injection strategies on Amazon Web Services (AWS) and Google Cloud Platform</div><div>(GCP). CSBAuditor effectively detects misconfigurations in real-time with a detection rate of over</div><div>98%. Also, the performance overhead is within acceptable limits.</div>

show abstract

Securing Cloud Storage Brokerage Systems Through Threat Models

Cited by 12 publications

References 21 publications

CloudStrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

CloudStrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

Cloudstrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

Continuous Auditing & Threat Detection in Multi-Cloud Infrastructure

Contact Info

Product

Resources

About