azureLang: a probabilistic modeling and simulation language for cyber attacks in Microsoft Azure cloud infrastructure

Hawasli, Ahmad

January 2018

Cyber-attack simulation is a suitable method used for assessing the security ofnetwork systems. An attack simulation advances step-wise from a certain systementry-point to explore the attack paths that lead to dierent weaknesses inthe model. Each step is analyzed, and the time to compromise is calculated.Attack simulations are primarily based on attack graphs. The graphs areemployed to model attack steps where nodes can represent assets in the system,and edges can represent the attack steps. To reduce the computational cost associatedwith building an attack graph for each specic system, domain-specicattack languages, or DSL for short, are used.The nal product of this thesis work is azureLang, a probabilistic modelingand simulation language for modeling Microsoft Azure cloud infrastructure.AzureLang is a DSL which denes a generic attack logic for MicrosoftAzure systems. Using azureLang, system administrators can easily instantiatespecic-system scenarios which emulate their Microsoft Azure cloud system infrastructure.After creating the model, attack simulation can be run to assessthe security of the model. / Cyberattacksimulering är en lämplig metod som används för att bedöma säkerhetenhos nätverkssystem. En angrepsimulering går stegvis från ett visst systeminmatningspunkt för att utforska angreppsbanorna som leder till olika svagheter i modellen. Varje steg analyseras och tiden för kompromettera beräknas.Attack-simuleringar baseras huvudsakligen på attackgrafer. Graferna används för att modellera angreppssteg där noder kan representera tillgångar i systemet, och kanterna kan representera attackenstegen. För att minska kostnaden för att skapa attackgrafer för varje specifikt system används domänspecifika språk eller DSL förkortat.Den slutliga produkten av detta examensarbete är azureLang, ett probabilistisk hotmodelleringsoch attacksimuleringsspråk för analys av Microsoft Azure Cloud Infrastructure. AzureLang är en DSL som definierar en generisk attacklogik för Microsoft Azure-system. Med hjälp av azureLang kan systemadministratörer enkelt ordna specifika systemscenarier som efterliknar deras Microsoft Azure cloudsystem infrastruktur. Efter att ha skapat modellen kan attack simu-lering köras för att bedöma modellens säkerhet.

Domain Specic Language

Cyber Security

Threat Modeling

Attack Graphs

Domanspecikt sprak

Cybersakerhet

Hotmodellering

Attack Grafer

Engineering and Technology

Teknik och teknologier

A Qualitative Comparative Analysis of Data Breaches at Companies with Air-Gap Cloud Security and Multi-Cloud Environments

T Richard Stroupe Jr. (17420145)

20 November 2023

<p dir="ltr">The purpose of this qualitative case study was to describe how multi-cloud and cloud-based air gapped system security breaches occurred, how organizations responded, the kinds of data that were breached, and what security measures were implemented after the breach to prevent and repel future attacks. Qualitative research methods and secondary survey data were combined to answer the research questions. Due to the limited information available on successful unauthorized breaches to multi-cloud and cloud-based air gapped systems and corresponding data, the study was focused on the discovery of variables from several trustworthily sources of secondary data, including breach reports, press releases, public interviews, and news articles from the last five years and qualitative survey data. The sample included highly trained cloud professionals with air-gapped cloud experience from Amazon Web Services, Microsoft, Google and Oracle. The study utilized unstructured interviews with open-ended questions and observations to record and document data and analyze results.</p><p dir="ltr">By describing instances of multi-cloud and cloud-based air gapped system breaches in the last five years this study could add to the body of literature related to best practices for securing cloud-based data, preventing data breach on such systems, and for recovering from breach once it has occurred. This study would have significance to companies aiming to protect secure data from cyber attackers. It would also be significant to individuals who have provided their confidential data to companies who utilize such systems. In the primary data, 12 themes emerged. The themes were Air Gap Weaknesses Same as Other Systems, Misconfiguration of Cloud Settings, Insider Threat as Attack Vector, Phishing as Attack Vector, Software as Attack Vector, and Physical Media as Attack Vector, Lack of Reaction to Breaches, Better Authentication to Prevent Breaches, Communications, and Training in Response to Breach, Specific Responses to Specific Problems, Greater Separation of Risk from User End, and Greater Separation of Risk from Service End. For secondary data, AWS had four themes, Microsoft Azure had two, and both Google Cloud and Oracle had three.</p>

Cloud computing

air-gapped systems

cloud-based air-gapped systems

cybersecurity

cybersecurity breach

multi-cloud environments

security measures

cybersecurity attack

Amazon Web Services (AWS)

Google Cloud Platform

Microsoft Azure Cloud

oracle cloud infrastructure