TechRxiv
journal_csbauditor.pdf (1.44 MB)

Continuous Auditing & Threat Detection in Multi-Cloud Infrastructure

Download (1.44 MB)
preprint
posted on 21.10.2020, 07:35 by Kennedy Torkura, Muhammad I.H. Sukmana, Feng Cheng, Christoph Meinel
Efficient change control and configuration management is imperative for addressing the emerging
security threats in cloud infrastructure. These threats majorly exploit misconfiguration vulnerabilities
e.g. excessive permissions, disabled logging features and publicly accessible cloud storage buckets.
Traditional security tools and mechanisms are unable to effectively and continuously track changes in
cloud infrastructure owing to transience and unpredictability of cloud events. Therefore, novel tools
that are proactive, agile and continuous are imperative. This paper proposes CSBAuditor, a novel cloud
security system that continuously monitors cloud infrastructure, to detect malicious activities and
unauthorized changes. CSBAuditor leverages two concepts: state transition analysis and reconciler
pattern to overcome the aforementioned security issues. Furthermore, security metrics are used to
compute severity scores for detected vulnerabilities using a novel scoring system: Cloud Security
Scoring System. CSBAuditor has been evaluated using various strategies including security chaos
engineering fault injection strategies on Amazon Web Services (AWS) and Google Cloud Platform
(GCP). CSBAuditor effectively detects misconfigurations in real-time with a detection rate of over
98%. Also, the performance overhead is within acceptable limits.

History

Email Address of Submitting Author

kennedy.torkura@hpi.de

Submitting Author's Institution

Hasso Plattner Institute

Submitting Author's Country

Germany

Exports