CloudLens: Modeling and Detecting Cloud Security Vulnerabilities
This addresses cloud security vulnerabilities for organizations using cloud services, representing a novel method for a known bottleneck.
The paper tackles the problem of security vulnerabilities in cloud computing by developing CloudLens, a formal model and planning-based detection system, which identifies vulnerabilities in 14 real AWS configurations that state-of-the-art tools cannot detect.
Cloud computing services provide scalable and cost-effective solutions for data storage, processing, and collaboration. With their growing popularity, concerns about security vulnerabilities are increasing. To address this, first, we provide a formal model, called CloudLens, that expresses relations between different cloud objects such as users, datastores, security roles, representing access control policies in cloud systems. Second, as access control misconfigurations are often the primary driver for cloud attacks, we develop a planning model for detecting security vulnerabilities. Such vulnerabilities can lead to widespread attacks such as ransomware, sensitive data exfiltration among others. A planner generates attacks to identify such vulnerabilities in the cloud. Finally, we test our approach on 14 real Amazon AWS cloud configurations of different commercial organizations. Our system can identify a broad range of security vulnerabilities, which state-of-the-art industry tools cannot detect.