Digital Twins for Cloud Security

Security penetration testing of cloud-based systems typically requires direct access to the production environment, which introduces legal, operational, and cost-related constraints. In many cases, conducting extensive security tests on the original system is impractical due to potential service disruption, compliance requirements, or financial overhead. This thesis proposal explores the use of a digital twin of a cloud system as an alternative environment for security pentesting. The goal of the project is to design and implement a cloud-based digital twin that faithfully replicates the network structure, exposed services, and security-relevant characteristics of the original system. A key focus is on evaluating the fidelity of the digital twin by comparing penetration testing results obtained from both environments. The work will involve the use of standard security assessment tools, such as Nmap, to measure similarities and discrepancies in attack surfaces and observable behaviors. The thesis will investigate the challenges and limitations of creating faithful security-oriented digital twins and aims to assess their suitability for realistic cloud security testing scenarios.