Continuous Auditing & Threat Detection in Multi-Cloud Infrastructure

Efficient change control and configuration management is imperative for addressing the emerging

security threats in cloud infrastructure. These threats majorly exploit misconfiguration vulnerabilities

e.g. excessive permissions, disabled logging features and publicly accessible cloud storage buckets.

Traditional security tools and mechanisms are unable to effectively and continuously track changes in

cloud infrastructure owing to transience and unpredictability of cloud events. Therefore, novel tools

that are proactive, agile and continuous are imperative. This paper proposes CSBAuditor, a novel cloud

security system that continuously monitors cloud infrastructure, to detect malicious activities and

unauthorized changes. CSBAuditor leverages two concepts: state transition analysis and reconciler

pattern to overcome the aforementioned security issues. Furthermore, security metrics are used to

compute severity scores for detected vulnerabilities using a novel scoring system: Cloud Security

Scoring System. CSBAuditor has been evaluated using various strategies including security chaos

engineering fault injection strategies on Amazon Web Services (AWS) and Google Cloud Platform

(GCP). CSBAuditor effectively detects misconfigurations in real-time with a detection rate of over

98%. Also, the performance overhead is within acceptable limits.