Continuous Auditing & Threat Detection in Multi-Cloud Infrastructure

Author(s):  
Kennedy Torkura ◽  
Muhammad I.H. Sukmana ◽  
Feng Cheng ◽  
Christoph Meinel

Efficient change control and configuration management is imperative for addressing the emerging security threats in cloud infrastructure. These threats majorly exploit misconfiguration vulnerabilities e.g. excessive permissions, disabled logging features and publicly accessible cloud storage buckets. Traditional security tools and mechanisms are unable to effectively and continuously track changes in cloud infrastructure owing to transience and unpredictability of cloud events. Therefore, novel tools that are proactive, agile and continuous are imperative. This paper proposes CSBAuditor, a novel cloud security system that continuously monitors cloud infrastructure, to detect malicious activities and unauthorized changes. CSBAuditor leverages two concepts: state transition analysis and reconciler pattern to overcome the aforementioned security issues. Furthermore, security metrics are used to compute severity scores for detected vulnerabilities using a novel scoring system: Cloud Security Scoring System. CSBAuditor has been evaluated using various strategies including security chaos engineering fault injection strategies on Amazon Web Services (AWS) and Google Cloud Platform (GCP). CSBAuditor effectively detects misconfigurations in real-time with a detection rate of over 98%. Also, the performance overhead is within acceptable limits.

2020 ◽  
Author(s):  
Kennedy Torkura ◽  
Muhammad I.H. Sukmana ◽  
Feng Cheng ◽  
Christoph Meinel



2021 ◽  
Vol 102 ◽  
pp. 102124
Author(s):  
K.A. Torkura ◽  
Muhammad I.H. Sukmana ◽  
Feng Cheng ◽  
Christoph Meinel

2020 ◽  
Author(s):  
Kennedy Torkura

Most cyber-attacks and data breaches in cloud infrastructure are due to human errors and misconfiguration vulnerabilities. Cloud customer-centric tools are lacking, and existing security models do not efficiently tackle these security challenges. Novel security mechanisms are imperative, therefore, we propose Risk-driven Fault Injection (RDFI) techniques to tackle these challenges. RDFI applies the principles of chaos engineering to cloud security and leverages feedback loops to execute, monitor, analyze and plan security fault injection campaigns, based on a knowledge-base. The knowledge-base consists of fault models designed from cloud security best practices and observations derived during iterative fault injection campaigns. Furthermore, the observations indicate security weaknesses and verify the correctness of security attributes (integrity, confidentiality and availability) and security controls. Ultimately this knowledge is critical in guiding security hardening efforts and risk analysis. We have designed and implemented the RDFI strategies including various chaos algorithms as a software tool: CloudStrike. Furthermore, CloudStrike has been evaluated against infrastructure deployed on two major public cloud systems: Amazon Web Service and Google Cloud Platform. The time performance linearly increases, proportional to increasing attack rates. Similarly, CPU and memory consumption rates are acceptable. Also, the analysis of vulnerabilities detected via security fault injection has been used to harden the security of cloud resources to demonstrate the value of CloudStrike. Therefore, we opine that our approaches are suitable for overcoming contemporary cloud security issues.




Author(s):  
Kowsigan Mohan ◽  
P. Balasubramanie Palanisamy ◽  
G.R. Kanagachidambaresan ◽  
Siddharth Rajesh ◽  
Sneha Narendran

This chapter describes how security plays a vital role in cloud computing, as the name itself specifies the data can be stored from any place and can be owned by anyone. Even though the cloud offers many benefits such as flexibility, scalability and agility, security issues still backlog the cloud infrastructure. Much research is being done on cloud security equal to the scheduling problems in the cloud environment. The customers under the cloud providers are very concerned about their data, which has been stored in the cloud environment. In this regard, it is essential for a cloud provider to implement some powerful tools for security, to provide a secure cloud infrastructure to the customers. Generally speaking, there are some foundational needs to be attained and some actions to be combined to ensure data security in both cloud and non-cloud infrastructure. This book chapter concentrates only on the security issues, security measures, security mechanisms, and security tools of the cloud environment.


Author(s):  
Zuleyha Yiner ◽  
Nurefsan Sertbas ◽  
Safak Durukan-Odabasi ◽  
Derya Yiltas-Kaplan

Cloud computing, which aims to provide convenient, on-demand network access to shared software and hardware resources, has security as the greatest challenge. Data security is the main security concern, followed by intrusion detection and prevention in cloud infrastructure. In this chapter, general information about cloud computing and its security issues is discussed. In order to prevent or avoid many attacks, a number of machine learning algorithm approaches are proposed. However, these approaches do not provide efficient results for identifying unknown types of attacks. Deep learning enables learning features that are more complex, and thanks to the collection of big data as training data, deep learning achieves more successful results. Many deep learning algorithms are proposed for attack detection. Deep network architecture is divided into two categories, and descriptions for each architecture and its related attack detection studies are discussed in the following section of the chapter.


2020 ◽  
Vol 3 (2) ◽  
pp. 21-30
Author(s):  
Jitendra Kumar ◽  
Mohammed Ammar ◽  
Shah Abhay Kantilal ◽  
Vaishali R. Thakare

Cloud is a collective term for a large number of developments and possibilities. Various data can be stored by a large number of people on the cloud storage facility without any limitations, as it provides tremendous space. Open systems like Android (Google Apps) still face many day-to-day security threats or attacks. With recent demand, cloud computing has raised security concerns for both service providers and consumers. Major issues like data transfer over wireless networks across the globe have to be protected from unauthorized usage over the cloud, as altered data can lead to great loss. In this regard, data auditing, along with integrity, dynamic capabilities, and privacy preserving, plays an important role in preventing data from various cloud attacks, which is considered in this work. The work also includes an efficient auditor, which plays a crucial role in securing the cloud environment. This paper presents a review of the cloud computing concepts and security issues inherent within the context of cloud computing and cloud infrastructure.


2018 ◽  
Vol 8 (2) ◽  
pp. 113-129 ◽  
Author(s):  
Sangeeta Gupta ◽  
Narsimha Gugulothu

The work presented in this article brings to light the security issues with the NoSQL databases MongoDB, HBase and Cassandra. A literature survey is carried out to identify the modern world scenarios of the applications using NoSQL databases, and limitations are identified. A solution is proposed by designing a framework to achieve security for the web crawler applications using Cassandra, a NoSQL data store. Experimental results are presented to show the effectiveness of the work by designing an appropriate algorithm to trigger security for scalable web crawler architecture. Amazon Web Services (AWS), a familiar cloud platform, and Bitnami cloud hosting services are used to procure the required servers and virtual machines. Performance changes on the virtual machines are brought into consideration before and after encrypting and decrypting the voluminous data, and an improvement in efficiency is observed with the proposed model.


2016 ◽  
Vol 2 (1) ◽  
Author(s):  
Alkiviadis Giannakoulias

Data security is a major concern in cloud computing environments as they provide much scope for intruders to attack. Data centres in cloud environments hold valid information that end-users would conventionally have stored on their computers. Moving information towards centralised services may have an adverse effect on the security of users’ interactions with files kept in cloud cupboard spaces[1], for example accidental or deliberate alterations or deletions of information from the cloud server by the Cloud Service Provider (CSP). This necessitates the deployment of some sort of mechanism to ensure the safety of information integrity[2]. Public sector organisations have much to gain by adopting a cloud computing approach to service delivery in their ICT environments. However, these benefits must be reaped without compromising core requirements and institutional values.

This paper focuses on the security issues that may arise when public sector organisations consider transitioning to an Open Source Software (OSS) Infrastructure as a Service (IaaS) Cloud Infrastructure (OpenStack), although the same issues are likely to be found in other OSS cloud computing software like Apache CloudStack[3], Eucalyptus[4], and OpenNebula[5]. We examine legal implications, regulatory and standards compliance, new attack vectors resulting from vulnerabilities coming from virtualisation technologies, data integrity issues such as encryption and access controls, and security checks to be performed on the services prior to their movement to the cloud. In addition, some of the most important security threats in cloud computing are presented, followed by key recommendations on how to address them, namely security standards and certifications, service provider auditing, secure APIs, transport layer protection, authentication and encryption key management, and cloud service agreements.


2020 ◽  
Vol 7 (2) ◽  
pp. 68-70
Author(s):  
N. Sule Yasar Bilge ◽  
◽  
Erdal Bodakci ◽  
Muzaffer Bilgin ◽  
Timucin Kasifoglu ◽  
...  
