Continuous Auditing & Threat Detection in Multi-Cloud Infrastructure
  • Kennedy Torkura ,
  • Muhammad I.H. Sukmana ,
  • Feng Cheng ,
  • Christoph Meinel
Kennedy Torkura (corresponding author, [email protected]), Muhammad I.H. Sukmana, Feng Cheng, Christoph Meinel
Hasso Plattner Institute

Abstract

Efficient change control and configuration management are imperative for addressing emerging
security threats in cloud infrastructure. These threats mainly exploit misconfiguration vulnerabilities,
e.g. excessive permissions, disabled logging features and publicly accessible cloud storage buckets.
Traditional security tools and mechanisms are unable to track changes in cloud infrastructure
effectively and continuously, owing to the transience and unpredictability of cloud events. Novel tools
that are proactive, agile and continuous are therefore needed. This paper proposes CSBAuditor, a novel cloud
security system that continuously monitors cloud infrastructure to detect malicious activities and
unauthorized changes. CSBAuditor leverages two concepts, state transition analysis and the reconciler
pattern, to overcome the aforementioned security issues. Furthermore, security metrics are used to
compute severity scores for detected vulnerabilities using a novel scoring system, the Cloud Security
Scoring System. CSBAuditor has been evaluated using various strategies, including security chaos
engineering fault-injection strategies on Amazon Web Services (AWS) and Google Cloud Platform
(GCP). CSBAuditor detects misconfigurations in real time with a detection rate of over
98%, and its performance overhead is within acceptable limits.
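To make the two concepts named in the abstract concrete, the following is an added illustration (not CSBAuditor's code, and not the paper's Cloud Security Scoring System) of the reconciler pattern combined with state transition analysis: an approved "desired" snapshot of cloud configuration is compared with an "observed" snapshot, and each transition into a weaker state (bucket made public, logging turned off, permissions that grew beyond the approved set, a resource with no approved baseline) becomes a scored finding. The snapshots, resource names, action names and severity weights are all constructed for this example.

```python
"""Reconciler-pattern misconfiguration detector over constructed cloud-state snapshots.

Added example: an approved (desired) state is compared with an observed snapshot;
every drift that matches a known misconfiguration class becomes a scored finding.
Snapshots, action names and severity weights are constructed, not from the paper.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed baseline: the configuration an operator has approved.
DESIRED_STATE: Dict = {
    "buckets": {
        "corp-logs": {"public": False, "logging": True},
        "web-assets": {"public": True, "logging": True},  # intentionally public
    },
    "iam_policies": {
        "deploy-role": {"actions": ["storage:GetObject", "storage:PutObject"]},
    },
}

# Constructed later snapshot with drift: a bucket made public with logging turned
# off, an untracked bucket, and a role whose permissions grew (including a wildcard).
OBSERVED_STATE: Dict = {
    "buckets": {
        "corp-logs": {"public": True, "logging": False},
        "web-assets": {"public": True, "logging": True},
        "tmp-export": {"public": True, "logging": False},
    },
    "iam_policies": {
        "deploy-role": {"actions": ["storage:*", "identity:CreateKey"]},
    },
}

# Hypothetical severity weights on a 1-10 scale (not the paper's scoring system).
SEVERITY = {
    "public_bucket": 8,
    "logging_disabled": 5,
    "excessive_permissions": 9,
    "untracked_resource": 6,
}

# Secure defaults assumed for an observed bucket that has no approved baseline.
UNTRACKED_BUCKET_BASELINE = {"public": False, "logging": True}


@dataclass(frozen=True)
class Finding:
    resource: str
    issue: str
    severity: int
    detail: str = ""


def diff_buckets(desired: Dict, observed: Dict) -> List[Finding]:
    """State transition check for buckets: flag moves from the approved state to a
    weaker one (private -> public, logging on -> off) and untracked resources."""
    findings: List[Finding] = []
    for name, cfg in observed.items():
        baseline = desired.get(name)
        if baseline is None:
            findings.append(Finding(name, "untracked_resource", SEVERITY["untracked_resource"],
                                    "bucket has no approved baseline"))
            baseline = UNTRACKED_BUCKET_BASELINE
        if cfg["public"] and not baseline["public"]:
            findings.append(Finding(name, "public_bucket", SEVERITY["public_bucket"],
                                    "bucket became publicly accessible"))
        if baseline["logging"] and not cfg["logging"]:
            findings.append(Finding(name, "logging_disabled", SEVERITY["logging_disabled"],
                                    "access logging was turned off"))
    return findings


def diff_iam(desired: Dict, observed: Dict) -> List[Finding]:
    """Flag any action present in the observed policy but absent from the approved
    one; wildcard grants are called out in the detail text."""
    findings: List[Finding] = []
    for role, cfg in observed.items():
        approved = set(desired.get(role, {}).get("actions", []))
        added = sorted(set(cfg["actions"]) - approved)
        if added:
            detail = "added actions: " + ", ".join(added)
            if any(a.endswith("*") for a in added):
                detail += " (wildcard grant)"
            findings.append(Finding(role, "excessive_permissions",
                                    SEVERITY["excessive_permissions"], detail))
    return findings


def reconcile(desired: Dict, observed: Dict) -> List[Finding]:
    """One reconciler iteration: diff desired against observed state and return
    findings ordered by severity, highest first. Empty list means no drift."""
    findings = diff_buckets(desired["buckets"], observed["buckets"])
    findings += diff_iam(desired["iam_policies"], observed["iam_policies"])
    return sorted(findings, key=lambda f: (-f.severity, f.resource))


def aggregate_score(findings: List[Finding]) -> int:
    """Additive aggregate score for one snapshot (constructed metric)."""
    return sum(f.severity for f in findings)


if __name__ == "__main__":
    result = reconcile(DESIRED_STATE, OBSERVED_STATE)
    for f in result:
        print(f"[{f.severity}] {f.resource}: {f.issue} - {f.detail}")
    print("aggregate score:", aggregate_score(result))
```

In a continuous deployment the `reconcile` step would run on every configuration-change event or on a short polling interval, with the previous observed snapshot kept so that each finding can be attributed to a specific state transition rather than discovered only at the next full scan.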
Published March 2021 in Computers & Security, volume 102, article 102124. DOI: 10.1016/j.cose.2020.102124