Towards a Security Stress-Test for Cloud Configurations

Title: Towards a Security Stress-Test for Cloud Configurations
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Minna, Francesco; Massacci, Fabio; Tuma, Katja
Conference Name: 2022 IEEE 15th International Conference on Cloud Computing (CLOUD)
Date Published: July
Keywords: AND/OR graphs, Benchmark testing, cloud, cloud computing, compositionality, Containers, Heuristic algorithms, knowledge graph, microservices, pubcrawl, risk analysis, Scalability, security, security scalability
Abstract: Securing cloud configurations is an elusive task, which is left to system administrators who have to base their decisions on "trial and error" experiments or on observing good practices (e.g., CIS Benchmarks). We propose a knowledge-graph approach based on AND/OR graphs to model cloud deployment security objects and vulnerabilities. In this way, we can capture relationships between configurations, permissions (e.g., CAP_SYS_ADMIN), and security profiles (e.g., AppArmor and seccomp). Such an approach allows us to suggest alternative and safer configurations, support administrators in the study of what-if scenarios, and scale the analysis to large-scale deployments. We present an initial validation and illustrate the approach with three real vulnerabilities from known sources.
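To make the abstract's AND/OR-graph idea concrete, the following is an added example (not code from the paper or its authors) of the kind of analysis it describes: a small AND/OR graph whose leaves are facts derived from a container configuration (privileged mode, CAP_SYS_ADMIN, seccomp and AppArmor confinement), an evaluator that checks whether an attacker goal is reachable, and a what-if search that enumerates the minimal sets of configuration changes that make the goal unreachable, i.e. the "alternative and safer configurations". The graph, its attack paths, the `ContainerSpec` fields and the hardening moves are all constructed for this illustration; only the implication that Docker's `--privileged` grants every capability and removes seccomp and AppArmor confinement is a real Docker behaviour. The graph is not the paper's model and does not describe any specific vulnerability.

```python
"""Toy AND/OR-graph stress-test of a container configuration.

Constructed example: the graph, its leaf facts and the hardening moves are
illustrative, not the paper's model and not a claim about any specific CVE.
"""
from dataclasses import dataclass, replace
from itertools import combinations
from typing import Callable, Dict, FrozenSet, List, Tuple

# Hypothetical AND/OR graph: internal node -> (kind, children).
# Any name not listed as an internal node is a leaf fact.
GRAPH: Dict[str, Tuple[str, List[str]]] = {
    "host_compromise": ("OR", ["path_privileged", "path_cap_mount"]),
    "path_privileged": ("AND", ["privileged"]),
    "path_cap_mount": ("AND", ["cap_sys_admin", "seccomp_unconfined",
                               "apparmor_unconfined"]),
}


@dataclass(frozen=True)
class ContainerSpec:
    """The subset of a `docker run` configuration this toy model looks at."""
    privileged: bool = False
    cap_add: FrozenSet[str] = frozenset()
    seccomp: str = "default"           # Docker's default profile or "unconfined"
    apparmor: str = "docker-default"   # Docker's default profile or "unconfined"


def derive_facts(spec: ContainerSpec) -> FrozenSet[str]:
    """Map configuration settings to the leaf facts of the graph."""
    facts = set()
    if spec.privileged:
        # --privileged grants every capability and removes the seccomp and
        # AppArmor confinement, so it implies all the other leaves as well.
        facts |= {"privileged", "cap_sys_admin",
                  "seccomp_unconfined", "apparmor_unconfined"}
    if "SYS_ADMIN" in spec.cap_add:
        facts.add("cap_sys_admin")
    if spec.seccomp == "unconfined":
        facts.add("seccomp_unconfined")
    if spec.apparmor == "unconfined":
        facts.add("apparmor_unconfined")
    return frozenset(facts)


def satisfied(node: str, facts: FrozenSet[str]) -> bool:
    """Evaluate the AND/OR graph for one set of leaf facts."""
    if node not in GRAPH:                      # leaf fact
        return node in facts
    kind, children = GRAPH[node]
    combine = all if kind == "AND" else any
    return combine(satisfied(c, facts) for c in children)


def reachable(spec: ContainerSpec, goal: str = "host_compromise") -> bool:
    """True if the attacker goal is satisfiable under this configuration."""
    return satisfied(goal, derive_facts(spec))


# What-if moves: each is one configuration change an administrator could make.
MOVES: Dict[str, Callable[[ContainerSpec], ContainerSpec]] = {
    "privileged=false": lambda s: replace(s, privileged=False),
    "drop CAP_SYS_ADMIN": lambda s: replace(s, cap_add=s.cap_add - {"SYS_ADMIN"}),
    "seccomp=default": lambda s: replace(s, seccomp="default"),
    "apparmor=docker-default": lambda s: replace(s, apparmor="docker-default"),
}


def suggest_fixes(spec: ContainerSpec,
                  goal: str = "host_compromise") -> List[FrozenSet[str]]:
    """Return every minimal set of moves that makes `goal` unreachable.

    Combinations are tried by increasing size; a combination is kept only if
    no smaller accepted combination is a subset of it, so each result is a
    minimal hardening change set.
    """
    if not reachable(spec, goal):
        return []
    # Only moves that actually change the given configuration are candidates.
    applicable = [m for m, f in MOVES.items() if f(spec) != spec]
    found: List[FrozenSet[str]] = []
    for size in range(1, len(applicable) + 1):
        for combo in combinations(applicable, size):
            chosen = frozenset(combo)
            if any(prev <= chosen for prev in found):
                continue                       # not minimal
            candidate = spec
            for move in combo:
                candidate = MOVES[move](candidate)
            if not reachable(candidate, goal):
                found.append(chosen)
    return sorted(found, key=lambda s: (len(s), sorted(s)))


if __name__ == "__main__":
    risky = ContainerSpec(privileged=True, cap_add=frozenset({"SYS_ADMIN"}),
                          seccomp="unconfined", apparmor="unconfined")
    print("goal reachable:", reachable(risky))
    for fix in suggest_fixes(risky):
        print("minimal fix:", sorted(fix))
```

For the `risky` configuration above, turning off `--privileged` alone is not enough, because the explicitly added CAP_SYS_ADMIN together with the disabled seccomp and AppArmor profiles still satisfies the second AND branch; the search therefore reports three two-move change sets, each combining `privileged=false` with one of the other moves. Evaluating the same graph per workload and memoising `satisfied` on the leaf-fact set is what lets this style of analysis scale across a deployment rather than being redone by hand for every container.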
DOI: 10.1109/CLOUD55607.2022.00038
Citation Key: minna_towards_2022