
Continuous auditing and threat detection in multi-cloud infrastructure

Efficient change control and configuration management is imperative for addressing the emerging security threats in cloud infrastructure. These threats majorly exploit misconfiguration vulnerabilities e.g. excessive permissions, disabled logging features and publicly accessible cloud storage buckets. Traditional security tools and mechanisms are unable to effectively and continuously track changes in cloud infrastructure owing to transience and unpredictability of cloud events. Therefore, novel tools that are proactive, agile and continuous are imperative. This article proposes CSBAuditor, a novel cloud security system that continuously monitors cloud infrastructure, to detect malicious activities and unauthorized changes. CSBAuditor leverages two concepts: state transition analysis and reconciler pattern to overcome the aforementioned security issues. Furthermore, security metrics are used to compute severity scores for detected vulnerabilities using a novel scoring system: Cloud Security Scoring System. CSBAuditor has been evaluated using various strategies including security chaos engineering (fault injection) strategies on Amazon Web Services and Google Cloud Platform. CSBAuditor effectively detects misconfigurations in real-time with a detection rate of over 98%. Also, the performance overhead is within acceptable limits. (c) 2020 Elsevier Ltd. All rights reserved.

Metadata
Author details: Kennedy A. Torkura, Muhammad Ihsan Haikal Sukmana, Feng Cheng, Christoph Meinel
DOI: https://doi.org/10.1016/j.cose.2020.102124
ISSN: 0167-4048
ISSN: 1872-6208
Title of parent work (English): Computers & security
Publisher: Elsevier
Place of publishing: Oxford
Publication type: Article
Language: English
Date of first publication: 2020/12/15
Publication year: 2020
Release date: 2024/12/04
Tag: Cloud audit; Cloud security posture management; Cloud-security; Secure configuration; Security metrics; Security risk assessment; Threat; detection
Volume: 102
Article number: 102124
Number of pages: 21
Organizational units: An-Institute / Hasso-Plattner-Institut für Digital Engineering gGmbH
DDC classification: 0 Computer science, information science, general works / 00 Computer science, knowledge, systems / 004 Data processing; computer science
Peer review: Refereed
