Businesses and organisations are increasingly outsourcing their ICT services to cloud environments, mostly driven by considerations such as cost efficiency, streamlined processes, and security. In her PhD research at the Centre for Security and Digitalisation (CVD) in Apeldoorn, Sousan Tarahomi (EEMCS – DACS group) addresses a fundamental question: "Does the cloud make us more secure, or is it merely changing the type of threats we are exposed to?"
While motivations for outsourcing vary, including simplifying processes and reducing cost, improving security is one of the main reasons for migrating to the cloud. Additionally, there is a growing trend towards building ”cloud-on-cloud” systems, where one cloud service (e.g. a cloud system for managing company finances) is built upon another cloud service (e.g. a virtual machine provider).
Dominant players
Sousan Tarahomi studies the deeper coherence of cloud infrastructure, and with good reason: "As you move further down the infrastructure stack, the likelihood of becoming dependent on one of the dominant players increases," she explains.
In particular, the infrastructure-as-a-service (virtual machine) market is dominated by a few major players, including Amazon, Cloudflare, and Microsoft. Since cloud providers offer various critical services, such as DNS (Domain Name System) resolving, an attack on the cloud infrastructure could potentially disrupt numerous other services that rely on it. The Domain Name System (DNS) is often described as the phonebook of the Internet: humans access information online through domain names, and DNS translates these names into IP addresses.
Security risks
"Our focus is on identifying vulnerabilities and single points of failure at the network and infrastructure level, using a data-driven approach", Sousan states. "This is a completely new approach to this research area. In doing so, we aim to contribute to a more comprehensive understanding of security risks in cloud environments."
In the first phase of the research, Sousan delves deeply into fundamental questions: how is the cloud defined? How can it be characterised? And what new research methods can be analysed? Using Open Intelligence as a tool, Sousan gains a deeper understanding of the market share and domination of the major cloud providers in different services such as DNS, email, and web hosting.
Conference
In a first publication presented at the NetSoft Conference in Madrid in June 2023, Sousan’s research questions and design were approved, specifying the testing method to detect cloud systems through open intelligence combined with machine learning tools.
Sousan comments: "I am motivated to change how people think about cloud identity and security issues. Relying solely on big providers is not a cure-all, in my opinion. In fact, small providers can often help make businesses and organisations less vulnerable to business-threatening attacks and improve overall cybersecurity."
"It is still a long way to conclusively prove this", she adds."The dynamics and impact of the research drive my personal motivation. In this PhD project, everything comes together. For my future career, I hope to find this balance again. A job in the industry would be particularly interesting if the company or organisation is open to developing new technologies and gives innovative research methods a fair chance. Working as an academic researcher could also be fulfilling, provided societal impact is valued alongside scientific publications."
ABOUT the CVD
The Centre for Security and Digitalisation (CVD) addresses key challenges in digitalisation and security. It brings together knowledge institutions, businesses, and government organisations to collaborate on research and education in digital safety. The CVD supports professional development and research, with the University of Twente as one of its founding partners.
This article was written by Egbert van Hattem and published by the CVD.