Abstract
Cloud infrastructure security depends on continuous monitoring of identity permissions, configuration baselines, runtime behavior, and infrastructure-as-code compliance. However, fragmented tools often make it difficult for security teams to connect policy violations with operational evidence. This article proposes an open-source cloud security compliance framework based on policy evidence graphs. The framework organizes cloud assets, identities, vulnerabilities, runtime alerts, and remediation actions into a graph-based structure. Policy engines evaluate infrastructure configurations against security baselines, while runtime monitoring tools detect suspicious activities in containerized environments. The evidence graph enables analysts to trace each security finding back to affected resources, violated policies, and recommended remediation steps. The article emphasizes open-source extensibility, multi-cloud adaptability, and explainable compliance reporting. By transforming fragmented security signals into structured policy evidence, the proposed approach improves audit readiness, remediation prioritization, and cloud governance transparency.
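As an added illustration that is not part of the paper, the following Python sketch builds a small evidence graph of the kind the abstract describes: baseline policy predicates are evaluated against constructed pod configurations, each failure becomes a finding node linked to the affected asset, the violated policy and its remediation, runtime alerts attach to the same asset nodes, and a trace query walks from a finding back through that chain. The asset ids, policy ids, alert and remediation strings are all constructed placeholders, not the framework's own schema.

```python
from collections import defaultdict
# Constructed sample data (not from the paper): two pods, a two-rule baseline, one Falco-style alert.
ASSETS = {
    "pod/prod/payments-api": {"privileged": True, "run_as_root": True},
    "pod/prod/reports-job": {"privileged": False, "run_as_root": True},
}
BASELINE = {  # placeholder policy id -> (description, predicate that must hold, remediation)
    "pol/no-privileged": ("No privileged containers", lambda c: not c["privileged"],
                          "securityContext.privileged: false"),
    "pol/non-root": ("Containers must not run as root", lambda c: not c["run_as_root"],
                     "securityContext.runAsNonRoot: true"),
}
RUNTIME_ALERTS = [{"rule": "Terminal shell in container", "asset": "pod/prod/payments-api"}]

class EvidenceGraph:
    def __init__(self):  # nodes: id -> (kind, attrs); out: (src, rel) -> {dst}; inc: (dst, rel) -> {src}
        self.nodes, self.out, self.inc = {}, defaultdict(set), defaultdict(set)
    def add_node(self, nid, kind, **attrs):
        self.nodes.setdefault(nid, (kind, attrs))
    def add_edge(self, src, rel, dst):
        self.out[(src, rel)].add(dst)
        self.inc[(dst, rel)].add(src)

def build_graph(assets, baseline, alerts):
    g = EvidenceGraph()
    for aid, cfg in assets.items():
        g.add_node(aid, "asset", **cfg)
        for pid, (desc, check, fix) in baseline.items():
            g.add_node(pid, "policy", description=desc)
            g.add_node("fix:" + pid, "remediation", action=fix)
            g.add_edge(pid, "remediated_by", "fix:" + pid)
            if not check(cfg):  # policy evaluation: a failed predicate becomes a finding node
                fid = f"finding:{aid}:{pid}"
                g.add_node(fid, "finding")
                g.add_edge(fid, "affects", aid)
                g.add_edge(fid, "violates", pid)
    for i, a in enumerate(alerts):  # runtime signals attach to the same asset nodes
        g.add_node(f"alert:{i}", "runtime_alert", rule=a["rule"])
        g.add_edge(f"alert:{i}", "observed_on", a["asset"])
    return g

def trace_finding(g, fid):  # finding -> affected asset -> violated policy -> remediation (+ alerts)
    asset = next(iter(g.out[(fid, "affects")]))
    policy = next(iter(g.out[(fid, "violates")]))
    fix = next(iter(g.out[(policy, "remediated_by")]))
    return {"asset": asset, "policy": policy, "remediation": g.nodes[fix][1]["action"],
            "runtime_alerts": sorted(g.inc[(asset, "observed_on")])}

def prioritize(g):  # findings corroborated by runtime alerts on the same asset rank first
    findings = [n for n, (kind, _) in g.nodes.items() if kind == "finding"]
    return sorted(findings, key=lambda f: (-len(trace_finding(g, f)["runtime_alerts"]), f))
```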
