Efficient change control and configuration management is imperative for addressing the emerging security threats in cloud infrastructure. These threats majorly exploit misconfiguration vulnerabilities e.g. excessive permissions, disabled logging features and publicly accessible cloud storage buckets. Traditional security tools and mechanisms are unable to effectively and continuously track changes in cloud infrastructure owing to transience and unpredictability of cloud events. Therefore, novel tools that are proactive, agile and continuous are imperative. This paper proposes CSBAuditor, a novel cloud security system that continuously monitors cloud infrastructure, to detect malicious activities and unauthorized changes. CSBAuditor leverages two concepts: state transition analysis and reconciler pattern to overcome the aforementioned security issues. Furthermore, security metrics are used to compute severity scores for detected vulnerabilities using a novel scoring system: Cloud Security Scoring System. CSBAuditor has been evaluated using various strategies including security chaos engineering fault injection strategies on Amazon Web Services (AWS) and Google Cloud Platform (GCP). CSBAuditor effectively detects misconfigurations in real-time with a detection rate of over 98%. Also, the performance overhead is within acceptable limits.

Most cyber-attacks and data breaches in cloud infrastructure are due to human errors and misconfiguration vulnerabilities. Cloud customer-centric tools are lacking, and existing security models do not efficiently tackle these security challenges. Novel security mechanisms are imperative, therefore, we propose Risk-driven Fault Injection (RDFI) techniques to tackle these challenges. RDFI applies the principles of chaos engineering to cloud security and leverages feedback loops to execute, monitor, analyze and plan security fault injection campaigns, based on a knowledge-base. The knowledge-base consists of fault models designed from cloud security best practices and observations derived during iterative fault injection campaigns. Furthermore, the observations indicate security weaknesses and verify the correctness of security attributes (integrity, confidentiality and availability) and security controls. Ultimately this knowledge is critical in guiding security hardening efforts and risk analysis. We have designed and implemented the RDFI strategies including various chaos algorithms as a software tool: CloudStrike. Furthermore, CloudStrike has been evaluated against infrastructure deployed on two major public cloud systems: Amazon Web Service and Google Cloud Platform. The time performance linearly increases, proportional to increasing attack rates. Similarly, CPU and memory consumption rates are acceptable. Also, the analysis of vulnerabilities detected via security fault injection has been used to harden the security of cloud resources to demonstrate the value of CloudStrike. Therefore, we opine that our approaches are suitable for overcoming contemporary cloud security issues