Continuous auditing and threat detection in multi-cloud infrastructure
نویسندگان
چکیده
Efficient change control and configuration management is imperative for addressing the emerging security threats in cloud infrastructure. These majorly exploit misconfiguration vulnerabilities e.g. excessive permissions, disabled logging features publicly accessible storage buckets. Traditional tools mechanisms are unable to effectively continuously track changes infrastructure owing transience unpredictability of events. Therefore, novel that proactive, agile continuous imperative. This article proposes CSBAuditor, a system monitors infrastructure, detect malicious activities unauthorized changes. CSBAuditor leverages two concepts: state transition analysis reconciler pattern overcome aforementioned issues. Furthermore, metrics used compute severity scores detected using scoring system: Cloud Security Scoring System. has been evaluated various strategies including chaos engineering (fault injection) on Amazon Web Services Google Platform. detects misconfigurations real-time with detection rate over 98%. Also, performance overhead within acceptable limits.
منابع مشابه
Data and infrastructure security auditing in cloud computing environments
Formany companies the remaining barriers to adopting cloud computing services are related to security. One of these significant security issues is the lack of auditability for various aspects of security in the
متن کاملAuditing cloud storage for continuous storage security
Cloud storage permits users to remotely store their knowledge and revel in the on-demand top quality cloud applications while not the burden of native hardware and software package management. Though the advantages are clear, such a service is addition relinquishing users’ physical possession of their outsourced knowledge, which necessarily poses new security risks towards the correctness of th...
متن کاملinvestigation of single-user and multi-user detection methods in mc-cdma systems and comparison of their performances
در این پایان نامه به بررسی روش های آشکارسازی در سیستم های mc-cdma می پردازیم. با توجه به ماهیت آشکارسازی در این سیستم ها، تکنیک های آشکارسازی را می توان به دو دسته ی اصلی تقسیم نمود: آشکارسازی سیگنال ارسالی یک کاربر مطلوب بدون در نظر گرفتن اطلاعاتی در مورد سایر کاربران تداخل کننده که از آن ها به عنوان آشکارساز های تک کاربره یاد می شود و همچنین آشکارسازی سیگنال ارسالی همه ی کاربران فعال موجود در...
Multi-file proofs of retrievability for cloud storage auditing
Cloud storage allows clients to store a large amount of data with the help of storage service providers (SSPs). Proof-of-retrievability(POR) protocols allow one server to prove to a verifier the availability of data stored by some client. Shacham et al. presented POR protocols based on homomorphic authenticators and proved security of their schemes under a stronger security model, which require...
متن کاملMulti-campus Universities Private-cloud Migration Infrastructure
Cloud Computing is an attractive research area for the last few years; and there have been a tremendous grows in the number of educational institutions all over the world who have either adopted or are considering migrating to cloud computing. However, there are many concerns and reservations about adopting conventional or public cloud based solutions. A new paradigm of cloud based solution has...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Computers & Security
سال: 2021
ISSN: ['0167-4048', '1872-6208']
DOI: https://doi.org/10.1016/j.cose.2020.102124