English

Towards a Security Stress-Test for Cloud Configurations

Cryptography and Security 2022-06-08 v2

Abstract

Securing cloud configurations is an elusive task, which is left up to system administrators who have to base their decisions on ``trial and error'' experimentations or by observing good practices (e.g., CIS Benchmarks). We propose a knowledge, AND/OR, graphs approach to model cloud deployment security objects and vulnerabilities. In this way, we can capture relationships between configurations, permissions (e.g., CAP\_SYS\_ADMIN), and security profiles (e.g., AppArmor and SecComp), as first-class citizens. Such an approach allows us to suggest alternative and safer configurations, support administrators in the study of what-if scenarios, and scale the analysis to large scale deployments. We present an initial validation and illustrate the approach with three real vulnerabilities from known sources.

Keywords

Cite

@article{arxiv.2205.14498,
  title  = {Towards a Security Stress-Test for Cloud Configurations},
  author = {Francesco Minna and Fabio Massacci and Katja Tuma},
  journal= {arXiv preprint arXiv:2205.14498},
  year   = {2022}
}

Comments

Conference: The IEEE International Conference on Cloud Computing (CLOUD) 2022

R2 v1 2026-06-24T11:31:58.722Z