Design and Implementation of an Open-Source Security Framework for Cloud Infrastructure
Wanru Shao

TL;DR
This paper introduces an open-source security framework for cloud infrastructure that improves incident detection, reduces false positives, and automates remediation in Kubernetes and OpenStack environments.
Contribution
It presents novel tools including a cross-platform identity-resource graph, a policy-evidence data model, and an identity-aware alert correlation algorithm.
Findings
Reduced assessment time from 120.4 to 18.2 minutes.
Lowered false-positive rate from 12.1% to 4.7%.
Increased component coverage from 48% to 92%.
Abstract
Misconfiguration, excessive privilege, and fragmented controls remain major causes of cloud-infrastructure incidents. This paper proposes an open-source framework that contributes a cross-platform identity-resource graph for Kubernetes and OpenStack, a policy-to-evidence data model linking OPA/Gatekeeper and Checkov results to live assets, an identity-aware correlation algorithm for reducing noisy runtime alerts, and a guarded remediation workflow that converts validated policy violations into Kubernetes patches or Terraform plans. The evaluation is made reproducible by specifying workload generation, injected misconfiguration classes, run repetitions, metric definitions, and statistical reporting. In a 50-200 node private-cloud testbed, the framework reduced assessment time from 120.4 +/- 6.8 min to 18.2 +/- 1.7 min, lowered the false-positive rate from 12.1% to 4.7%, and increased…
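The abstract names two of the framework's building blocks, a cross-platform identity-resource graph and an identity-aware alert correlation step, without showing how they fit together. The following Python sketch is an added illustration, not code from the paper or its framework: it assumes a constructed graph in which each Kubernetes pod or OpenStack VM maps to the workload identity acting through it, an alias table that equates a Kubernetes ServiceAccount with the OpenStack application credential issued to the same workload, and a handful of constructed runtime alerts. Correlation groups alerts by canonical identity rather than by individual resource, then splits each group into time windows, so repeated or cross-platform alerts from one workload collapse into a single incident. All resource names, identity strings and rule names are hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed identity-resource graph (hypothetical data, not from the paper):
# (platform, resource) -> identity that acts through that resource.
RESOURCE_IDENTITY = {
    ("k8s", "pod/payments-api-7c9"): "sa:payments/api",
    ("k8s", "pod/payments-worker-1f2"): "sa:payments/api",
    ("openstack", "vm/payments-db-01"): "appcred:payments-api",
    ("k8s", "pod/ingress-nginx-0"): "sa:ingress/controller",
}

# Cross-platform identity equivalence (constructed): the OpenStack application
# credential was issued to the same workload as the Kubernetes ServiceAccount.
IDENTITY_ALIASES = {
    "appcred:payments-api": "sa:payments/api",
}


def canonical_identity(platform, resource):
    """Resolve a resource to one identity, following aliases across platforms."""
    ident = RESOURCE_IDENTITY.get((platform, resource), "unknown")
    return IDENTITY_ALIASES.get(ident, ident)


def correlate_alerts(alerts, window=timedelta(minutes=10)):
    """Group raw alerts by canonical identity, then split each group into
    incidents whose consecutive alerts are no more than `window` apart.
    Returns a list of incident dicts ordered by identity then time."""
    by_identity = defaultdict(list)
    for alert in alerts:
        ident = canonical_identity(alert["platform"], alert["resource"])
        by_identity[ident].append(alert)

    incidents = []
    for ident, group in by_identity.items():
        group.sort(key=lambda a: a["ts"])
        current = None
        for alert in group:
            # Start a new incident when the gap since the last alert exceeds the window.
            if current is None or alert["ts"] - current["end"] > window:
                current = {
                    "identity": ident,
                    "start": alert["ts"],
                    "end": alert["ts"],
                    "alerts": [],
                    "rules": set(),
                    "resources": set(),
                }
                incidents.append(current)
            current["end"] = alert["ts"]
            current["alerts"].append(alert)
            current["rules"].add(alert["rule"])
            current["resources"].add((alert["platform"], alert["resource"]))
    return incidents


# Constructed runtime alerts: four from the payments workload within minutes
# (two of them duplicates, one from OpenStack), one unrelated ingress alert,
# and one payments alert two hours later that should form its own incident.
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_ALERTS = [
    {"ts": T0, "platform": "k8s", "resource": "pod/payments-api-7c9", "rule": "shell_spawned_in_container"},
    {"ts": T0 + timedelta(minutes=1), "platform": "k8s", "resource": "pod/payments-api-7c9", "rule": "shell_spawned_in_container"},
    {"ts": T0 + timedelta(minutes=2), "platform": "k8s", "resource": "pod/payments-worker-1f2", "rule": "outbound_to_unexpected_port"},
    {"ts": T0 + timedelta(minutes=4), "platform": "openstack", "resource": "vm/payments-db-01", "rule": "new_security_group_rule"},
    {"ts": T0 + timedelta(minutes=3), "platform": "k8s", "resource": "pod/ingress-nginx-0", "rule": "config_reload"},
    {"ts": T0 + timedelta(hours=2), "platform": "k8s", "resource": "pod/payments-api-7c9", "rule": "shell_spawned_in_container"},
]


def run_demo():
    """Correlate the constructed alerts and return (raw_count, incidents)."""
    incidents = correlate_alerts(SAMPLE_ALERTS)
    return len(SAMPLE_ALERTS), incidents


if __name__ == "__main__":
    raw, incidents = run_demo()
    print(f"{raw} raw alerts -> {len(incidents)} incidents")
    for inc in incidents:
        print(inc["identity"], inc["start"].time(), len(inc["alerts"]),
              sorted(inc["rules"]), sorted(inc["resources"]))
```

Run as a script, it reports six raw alerts collapsing into three incidents: one spanning both platforms for the payments identity, one for the ingress controller, and a separate later one for payments. The window and the alias table are the two knobs that decide how aggressively alerts merge; an analyst who tunes them too loosely trades false positives for missed distinct events, so the incident record keeps the full alert list and resource set rather than only a count.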
