Security Chaos Engineering for Cloud Services: Work In Progress

The majority of security breaches in cloud infrastructure in recent years are caused by human errors and misconfigured resources. Novel security models are imperative to overcome these issues. Such models must be customer-centric and continuous, must adopt proactive techniques, and must not focus on traditional security paradigms like intrusion detection. Thus, this paper proposes CloudStrike, a cloud security system that implements the principles of Chaos Engineering to enable the aforementioned properties. Chaos Engineering is an emerging discipline employed to prevent non-security failures in cloud infrastructure via Fault Injection Testing techniques. CloudStrike employs similar techniques with a focus on injecting failures that impact security, i.e., integrity, confidentiality and availability. Essentially, CloudStrike leverages the relationship between dependability and security models. Preliminary experiments provide insightful and prospective results.
