dc.contributor: Díaz-López, Daniel
dc.creator: Palacios Chavarro, Sara
dc.date.accessioned: 2022-08-16T17:10:12Z
dc.date.accessioned: 2022-09-22T14:21:35Z
dc.date.available: 2022-08-16T17:10:12Z
dc.date.available: 2022-09-22T14:21:35Z
dc.date.created: 2022-08-16T17:10:12Z
dc.identifier: https://repository.urosario.edu.co/handle/10336/34710
dc.identifier: https://doi.org/10.48713/10336_34710
dc.identifier.uri: http://repositorioslatinoamericanos.uchile.cl/handle/2250/3438072
dc.description.abstract: Security incidents may have several origins. However, they are often caused by components that are assumed to be correctly configured or deployed. Traditional methods may not detect such failed security assumptions, so new alternatives need to be tried. Security Chaos Engineering (SCE) represents a new way to detect such failing components in order to protect assets under cyber risk scenarios. To demonstrate the application of SCE in security, this degree project first presents an introduction to the fundamentals of Chaos Engineering (CE), as SCE inherits its principles and methodology. To understand its application in engineering, a series of analyses of the proposed frameworks and tools for implementing CE is provided, and its functionality is tested with four experiments. Second, this degree project proposes ChaosXploit, a security chaos engineering framework based on attack trees, which leverages the CE methodology along with a knowledge database composed of attack trees to detect and exploit vulnerabilities in different targets as part of an offensive security exercise. Once the theoretical and conceptual components of SCE are detailed and the proposal for ChaosXploit is explained, a set of experiments is conducted to validate the feasibility of using ChaosXploit to validate the security of cloud managed services, i.e. Amazon buckets, which may be prone to misconfigurations.
dc.language: eng
dc.publisher: Universidad del Rosario
dc.publisher: Programa de Matemáticas Aplicadas y Ciencias de la Computación - MACC
dc.publisher: Escuela de Ingeniería, Ciencia y Tecnología
dc.rights: http://creativecommons.org/licenses/by-nc-nd/2.5/co/
dc.rights: info:eu-repo/semantics/openAccess
dc.rights: Open (Full Text)
dc.rights: Attribution-NonCommercial-NoDerivs 2.5 Colombia
dc.source: instname:Universidad del Rosario
dc.source: reponame:Repositorio Institucional EdocUR
dc.subject: Vulnerabilities
dc.subject: Cloud managed services
dc.subject: Security chaos
dc.subject: Attack trees
dc.title: ChaosXploit: A Security Chaos Engineering framework based on Attack Trees
dc.type: bachelorThesis

