Toward Automated Security Analysis and Enforcement for Cloud Computing Using Graphical Models for Security

Cloud computing has become widely adopted by businesses for hosting applications with improved performance at a fraction of the operational costs and complexity. The rise of cloud applications has been coupled with an increase in security threat vectors and vulnerabilities. In this paper, we propose a new security assessment and enforcement tool for the cloud named CloudSafe, which provides an automated security assessment and enforce best security control for the cloud by collating various security tools. To demonstrate the applicability and usability of CloudSafe, we implemented CloudSafe and conducted security assessment in Amazon AWS. Also, we analyzed four different security countermeasure options in depth; Vulnerability Patching, Virtual Patching, Network Hardening and Moving Target Defence. Virtual Patching, Network Hardening and Moving Target Defence were determined to be feasible with regards to deployment implementation for the project. Proof of concepts were developed demonstrating the effectiveness of each feasible countermeasure option. These results indicate that the proposed tool CloudSafe is effective and efficient in helping security administrators to select optimal countermeasures to secure their cloud by conducting an in-depth security assessment.