Design and Implementation of an Open-Source Security Framework for Cloud Infrastructure
Computer Science > Cryptography and Security
[Submitted on 3 Apr 2026]
Wanru Shao
Misconfiguration, excessive privilege, and tool fragmentation remain the main reasons why enterprise cloud environments are breached. Recent reports on cloud-native application protection note that most incidents can be traced back to configuration or identity errors rather than platform flaws, and that organizations still need separate tools to watch Kubernetes, OpenStack, and infrastructure-as-code. To address this gap, this paper presents an open-source cloud-infrastructure security framework built with a microservice architecture. The framework integrates four core services: 1) unified identity and access control, 2) intelligent configuration-baseline checking over Kubernetes and OpenStack assets, 3) real-time threat monitoring based on Falco-style runtime rules and ELK-based analytics, and 4) automated remediation that consumes Terraform plans and Checkov/OPA policy results to roll back or harden resources. It provides automated deployment, supports clusters of 50 to 200 nodes, and exposes uniform REST and gRPC interfaces for extension. In an enterprise-grade testbed, vulnerability-assessment time was reduced from 120 min with the baseline toolchain to 18 min, with a false-positive rate below 5%. After continuous deployment, the number of observable security events dropped by 62%. The project is released under Apache 2.0 to lower entry cost by about 40% for small and medium teams.
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2604.03331 [cs.CR]
(or arXiv:2604.03331v1 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2604.03331
Submission history
From: Wanru Shao
[v1] Fri, 3 Apr 2026 03:50:11 UTC (1,014 KB)