CloudLens: Modeling and Detecting Cloud Security Vulnerabilities

• URL: http://arxiv.org/abs/2402.10985v4
• Date: Tue, 24 Dec 2024 03:16:58 GMT
• Title: CloudLens: Modeling and Detecting Cloud Security Vulnerabilities
• Authors: Mikhail Kazdagli, Mohit Tiwari, Akshat Kumar,
• Abstract summary: Cloud computing services provide scalable and cost-effective solutions for data storage, processing, and collaboration. Access control misconfigurations are often the primary driver for cloud attacks. A planner generates attacks to identify such vulnerabilities in the cloud.
• Score: 15.503757553097387
• License:
• Abstract: Cloud computing services provide scalable and cost-effective solutions for data storage, processing, and collaboration. With their growing popularity, concerns about security vulnerabilities are increasing. To address this, first, we provide a formal model, called CloudLens, that expresses relations between different cloud objects such as users, datastores, security roles, representing access control policies in cloud systems. Second, as access control misconfigurations are often the primary driver for cloud attacks, we develop a planning model for detecting security vulnerabilities. Such vulnerabilities can lead to widespread attacks such as ransomware, sensitive data exfiltration among others. A planner generates attacks to identify such vulnerabilities in the cloud. Finally, we test our approach on 14 real Amazon AWS cloud configurations of different commercial organizations. Our system can identify a broad range of security vulnerabilities, which state-of-the-art industry tools cannot detect.

Related papers

• Secure IAM on AWS with Multi-Account Strategy [0.0]
  Small organizations often don't have enough human resources to design a secure architecture. We suggest the multi-account strategy for securing the cloud architecture.
  arXiv  Detail & Related papers  (2025-01-04T05:42:27Z)
• Edge-Only Universal Adversarial Attacks in Distributed Learning [49.546479320670464]
  In this work, we explore the feasibility of generating universal adversarial attacks when an attacker has access to the edge part of the model only. Our approach shows that adversaries can induce effective mispredictions in the unknown cloud part by leveraging key features on the edge side. Our results on ImageNet demonstrate strong attack transferability to the unknown cloud part.
  arXiv  Detail & Related papers  (2024-11-15T11:06:24Z)
• How to integrate cloud service, data analytic and machine learning technique to reduce cyber risks associated with the modern cloud based infrastructure [0.0]
  Combination of cloud technology, machine learning, and data visualization techniques allows hybrid enterprise networks to hold massive volumes of data. Traditional security technologies are unable to cope with the rapid data explosion in cloud platforms. Machine learning powered security solutions and data visualization techniques are playing instrumental roles in detecting security threat, data breaches, and automatic finding software vulnerabilities.
  arXiv  Detail & Related papers  (2024-05-19T16:10:03Z)
• Cloud Security and Security Challenges Revisited [0.0]
  We revisit attacks on Cloud services and Cloud-related attack vectors that have been published in recent years. Based on these findings, we apply a security metric in order to rank all these Cloud-related security challenges concerning their severity.
  arXiv  Detail & Related papers  (2024-05-18T17:42:02Z)
• Artificial Intelligence enhanced Security Problems in Real-Time Scenario using Blowfish Algorithm [0.0]
  "The cloud" refers to a collection of interconnected computing resources made possible by an extensive, real-time communication network like the internet. The exponential expansion of cloud computing has made the rapid expansion of cloud services very remarkable. Models of security that are relevant to cloud computing include confidentiality, authenticity, accessibility, data integrity, and recovery.
  arXiv  Detail & Related papers  (2024-04-14T15:38:34Z)
• Security Challenges for Cloud or Fog Computing-Based AI Applications [0.0]
  Securing the underlying Cloud or Fog services is essential. Because the requirements for AI applications can also be different, we differentiate according to whether they are used in the Cloud or in a Fog Computing network. We conclude by outlining specific information security requirements for AI applications.
  arXiv  Detail & Related papers  (2023-10-30T11:32:50Z)
• Exploring Security Practices in Infrastructure as Code: An Empirical Study [54.669404064111795]
  Cloud computing has become popular thanks to the widespread use of Infrastructure as Code (IaC) tools. scripting process does not automatically prevent practitioners from introducing misconfigurations, vulnerabilities, or privacy risks. Ensuring security relies on practitioners understanding and the adoption of explicit policies, guidelines, or best practices.
  arXiv  Detail & Related papers  (2023-08-07T23:43:32Z)
• FedDefender: Client-Side Attack-Tolerant Federated Learning [60.576073964874]
  Federated learning enables learning from decentralized data sources without compromising privacy. It is vulnerable to model poisoning attacks, where malicious clients interfere with the training process. We propose a new defense mechanism that focuses on the client-side, called FedDefender, to help benign clients train robust local models.
  arXiv  Detail & Related papers  (2023-07-18T08:00:41Z)
• Unsupervised Point Cloud Representation Learning with Deep Neural Networks: A Survey [104.71816962689296]
  Unsupervised point cloud representation learning has attracted increasing attention due to the constraint in large-scale point cloud labelling. This paper provides a comprehensive review of unsupervised point cloud representation learning using deep neural networks.
  arXiv  Detail & Related papers  (2022-02-28T07:46:05Z)
• Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses [150.64470864162556]
  This work systematically categorizes and discusses a wide range of dataset vulnerabilities and exploits. In addition to describing various poisoning and backdoor threat models and the relationships among them, we develop their unified taxonomy.
  arXiv  Detail & Related papers  (2020-12-18T22:38:47Z)
• A Privacy-Preserving Distributed Architecture for Deep-Learning-as-a-Service [68.84245063902908]
  This paper introduces a novel distributed architecture for deep-learning-as-a-service. It is able to preserve the user sensitive data while providing Cloud-based machine and deep learning services.
  arXiv  Detail & Related papers  (2020-03-30T15:12:03Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.