Your search keyword '"Minna, Francesco"' showing total 2 results

1. Towards a Security Stress-Test for Cloud Configurations

Author

Minna, Francesco, Massacci, Fabio, Tuma, Katja, Ardagna, Claudio Agostino, Atukorala, Nimanthi, Buyya, Rajkumar, Chang, Carl K., Chang, Rong N., Damiani, Ernesto, Dasgupta, Gargi Banerjee, Gagliardi, Fabrizio, Hagleitner, Christoph, Milojicic, Dejan, Trong, Tuan M Hoang, Ward, Robert, Xhafa, Fatos, Zhang, Jia, Ardagna, Claudio Agostino, Atukorala, Nimanthi, Buyya, Rajkumar, Chang, Carl K., Chang, Rong N., Damiani, Ernesto, Dasgupta, Gargi Banerjee, Gagliardi, Fabrizio, Hagleitner, Christoph, Milojicic, Dejan, Trong, Tuan M Hoang, Ward, Robert, Xhafa, Fatos, Zhang, Jia, Computer Systems, and Network Institute

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, SDG 16 - Peace, microservices, knowledge graph, SDG 16 - Peace, Justice and Strong Institutions, cloud, containers, security, Cryptography and Security (cs.CR), AND/OR graphs, Justice and Strong Institutions

Abstract

Securing cloud configurations is an elusive task, which is left up to system administrators who have to base their decisions on ``trial and error'' experimentations or by observing good practices (e.g., CIS Benchmarks). We propose a knowledge, AND/OR, graphs approach to model cloud deployment security objects and vulnerabilities. In this way, we can capture relationships between configurations, permissions (e.g., CAP\_SYS\_ADMIN), and security profiles (e.g., AppArmor and SecComp), as first-class citizens. Such an approach allows us to suggest alternative and safer configurations, support administrators in the study of what-if scenarios, and scale the analysis to large scale deployments. We present an initial validation and illustrate the approach with three real vulnerabilities from known sources., Comment: Conference: The IEEE International Conference on Cloud Computing (CLOUD) 2022

Published

2022

2. An Open-Source Cloud Testbed for Security Experimentation

Author

Minna, Francesco, Massacci, Fabio, Fazio, Maria, Panda, Dhabaleswar K., Prodan, Radu, Cardellini, Valeria, Kantarci, Burak, Rana, Omer, Villari, Massimo, Computer Systems, Network Institute, Fazio, Maria, Panda, Dhabaleswar K., Prodan, Radu, Cardellini, Valeria, Kantarci, Burak, Rana, Omer, and Villari, Massimo

Subjects

Docker, SDG 17 - Partnerships for the Goals, Microservices, Security, Testbed, cloud, experiments, Kubernetes, Containers

Abstract

The use of container and orchestration technologies, such as Docker and Kubernetes keeps growing every year. For the purpose of security experimentation and reproducibility of security attacks and defenses, an open-source testbed would also be an important step forward. Yet, while several security experimentation testbeds from web application testing to capture-the-flag (CTF) competitions have been proposed, a similar solution for cloud experiments is wanting. To fill this gap, we propose an open-source cloud testbed that, by using Domain Specific Language (DSL) files (e.g. with JSON or YAML syntax), allows defining experimentation scenarios as configuration files. Using DSL files allows to create, share, customize, automatically deploy, and reproduce different scenarios in a user-friendly manner. We describe the design and the corresponding tools and technologies for different implementations.

Published

2022