Automated Security Assessments of Amazon Web Service Environments

Migrating enterprises and business capabilities to cloud platforms like Amazon Web Services (AWS) has become increasingly common. However, securing operations, especially at large scales, can quickly intractable. Customer-side issues such as service misconfigurations, data breaches, insecure changes are prevalent. Furthermore, cloud-specific tactics techniques paired with application vulnerabilities create a complex search space. Various solutions modeling languages for security assessments exist. no single one appeared sufficiently cloud-centered holistic. Many also did not account tactical dimensions. This paper, therefore, presents domain-specific language AWS environments. When used model environments, manually or automatically, the automatically constructs traverses attack graphs assess security. Assessments, require minimal expertise from user. The was primarily tested on four third-party environments through securiCAD Vanguard, commercial tool built around language. validated further by measuring performance models provided anonymous end users comparison similar open source assessment tool. As of March 2020, could represent essential structures, tactics, threats. tests highlighted certain shortcomings. Data collection steps, planted credentials, some missing were obvious. Nevertheless, covered DSL already reminiscent common real-world precedents. Future additions attacker addressing should yield considerable improvements.