"The dynamic nature of cloud-native infrastructure requires continuous security mechanisms to effectively detect security threats, especially those with unknown patterns and behavior. This talk proposes Risk-driven Fault Injection (RDFI) techniques to address these
challenges. Essentially, RDFI applies the principles of chaos engineering to cloud security and leverages feedback
loops to execute, monitor, analyze and plan security fault injection campaigns, based on a knowledge-base.
The knowledge-base consists of fault models designed from secure baselines, cloud security best practices, and observations derived during iterative fault injection campaigns. These observations are helpful for
identifying vulnerabilities while verifying the correctness of security attributes (integrity, confidentiality, and
availability). Furthermore, RDFI proactively supports risk analysis and security hardening efforts by sharing
security information with security mechanisms. We have designed and implemented the RDFI strategies
including various chaos engineering algorithms as a software tool: CloudStrike.
Several evaluations have
been conducted with CloudStrike against infrastructure deployed on two major public cloud infrastructures:
Amazon Web Services and Google Cloud Platform. The time performance linearly increases, proportional
to increasing attack rates. Also, the analysis of vulnerabilities detected via security fault injection has been
used to harden the security of cloud resources to demonstrate the effectiveness of the security information
provided by CloudStrike. Therefore, we opine that our approaches are suitable for overcoming contemporary
cloud security issues."