A Continuous Risk Assessment Methodology for Cloud Infrastructures
Immanuel Kunz, Angelika Schneider, Christian Banse

TL;DR
This paper introduces a continuous risk assessment methodology for cloud infrastructures that combines manual analysis with automated threat detection, enabling dynamic, reusable, and collaborative security evaluations.
Contribution
It presents a novel threat profile framework and a prototype tool for automatic risk assessment of cloud resources based on infrastructure as code.
Findings
Prototype demonstrates effective automatic threat evaluation.
Threat profiles enable reusable and scalable risk assessments.
Open-source repository fosters community collaboration.
Abstract
Cloud systems are dynamic environments which make it difficult to keep track of security risks that resources are exposed to. Traditionally, risk assessment is conducted for individual assets to evaluate existing threats; its results, however, are quickly outdated in such a dynamic environment. In this paper, we propose an adaptation of the traditional risk assessment methodology for cloud infrastructures which loosely couples manual, in-depth analyses with continuous, automatic application of their results. These two parts are linked by a novel threat profile definition that allows configuration weaknesses to be described reusably, based on properties that are common across assets and cloud providers. This way, threats can be identified automatically for all resources that exhibit the same properties, including new and modified ones. We also present a prototype implementation which…
Taxonomy
Topics: Information and Cyber Security · Software System Performance and Reliability · Network Security and Intrusion Detection
