TY  - JOUR
A1  - Torkura, Kennedy A.
A1  - Sukmana, Muhammad Ihsan Haikal
A1  - Cheng, Feng
A1  - Meinel, Christoph
T1  - CloudStrike
T2  - IEEE access : practical research, open solutions
N2  - Most cyber-attacks and data breaches in cloud infrastructure are due to human errors and misconfiguration vulnerabilities. Cloud customer-centric tools are imperative for mitigating these issues, however existing cloud security models are largely unable to tackle these security challenges. Therefore, novel security mechanisms are imperative, we propose Risk-driven Fault Injection (RDFI) techniques to address these challenges. RDFI applies the principles of chaos engineering to cloud security and leverages feedback loops to execute, monitor, analyze and plan security fault injection campaigns, based on a knowledge-base. The knowledge-base consists of fault models designed from secure baselines, cloud security best practices and observations derived during iterative fault injection campaigns. These observations are helpful for identifying vulnerabilities while verifying the correctness of security attributes (integrity, confidentiality and availability). Furthermore, RDFI proactively supports risk analysis and security hardening efforts by sharing security information with security mechanisms. We have designed and implemented the RDFI strategies including various chaos engineering algorithms as a software tool: CloudStrike. Several evaluations have been conducted with CloudStrike against infrastructure deployed on two major public cloud infrastructure: Amazon Web Services and Google Cloud Platform. The time performance linearly increases, proportional to increasing attack rates. Also, the analysis of vulnerabilities detected via security fault injection has been used to harden the security of cloud resources to demonstrate the effectiveness of the security information provided by CloudStrike. Therefore, we opine that our approaches are suitable for overcoming contemporary cloud security issues.
KW  - cloud security
KW  - security chaos engineering
KW  - resilient architectures
KW  - security risk assessment
Y1  - 2020
UR  - https://publishup.uni-potsdam.de/frontdoor/index/index/docId/57446
SN  - 2169-3536
VL  - 8
SP  - 123044
EP  - 123060
PB  - Institute of Electrical and Electronics Engineers 
CY  - Piscataway
ER  -