Cloud Property Graph: Connecting Cloud Security Assessments with Static Code Analysis

Title: Cloud Property Graph: Connecting Cloud Security Assessments with Static Code Analysis
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Banse, Christian; Kunz, Immanuel; Schneider, Angelika; Weiss, Konrad
Conference Name: 2021 IEEE 14th International Conference on Cloud Computing (CLOUD)
Keywords: cloud computing, Cloud Security, cloud security assessment, code property graph, codes, coding theory, configuration monitoring, Metrics, Ontologies, privacy, pubcrawl, Regulation, resilience, Resiliency, Runtime, security, static code analysis, target tracking
Abstract: In this paper, we present the Cloud Property Graph (CloudPG), which bridges the gap between static code analysis and runtime security assessment of cloud services. The CloudPG is able to resolve data flows between cloud applications deployed on different resources, and contextualizes the graph with runtime information, such as encryption settings. To provide a vendor- and technology-independent representation of a cloud service's security posture, the graph is based on an ontology of cloud resources, their functionalities and security features. We show, using an example, that our CloudPG framework can be used by security experts to identify weaknesses in their cloud deployments spanning multiple vendors or technologies, such as AWS, Azure and Kubernetes. This includes misconfigurations, such as publicly accessible storage or undesired data flows within a cloud service, as restricted by regulations such as the GDPR.
DOI: 10.1109/CLOUD53861.2021.00014
Citation Key: banse_cloud_2021