All your clouds are belong to us - Security analysis of cloud management interfaces

Juraj Somorovsky*, Mario Heiderich, Meiko Jensen, Jörg Schwenk, Nils Gruschka, Luigi Lo Iacono

*Corresponding author for this work

Publication: Contribution to book/anthology/report/conference proceeding; Conference contribution in proceedings; Research; peer review

Abstract

Cloud Computing resources are handled through control interfaces. It is through these interfaces that the new machine images can be added, existing ones can be modified, and instances can be started or ceased. Effectively, a successful attack on a Cloud control interface grants the attacker a complete power over the victim's account, with all the stored data included. In this paper, we provide a security analysis pertaining to the control interfaces of a large Public Cloud (Amazon) and a widely used Private Cloud software (Eucalyptus). Our research results are alarming: in regards to the Amazon EC2 and S3 services, the control interfaces could be compromised via the novel signature wrapping and advanced XSS techniques. Similarly, the Eucalyptus control interfaces were vulnerable to classical signature wrapping attacks, and had nearly no protection against XSS. As a follow up to those discoveries, we additionally describe the countermeasures against these attacks, as well as introduce a novel "black box" analysis methodology for public Cloud interfaces.

Original language: English
Title: Proceedings of the ACM Conference on Computer and Communications Security
Number of pages: 12
Publication date: 16 Nov 2011
Pages: 3-14
ISBN (Print): 9781450310048
DOI: https://doi.org/10.1145/2046660.2046664
Status: Published - 16 Nov 2011

Fingerprint

Cloud computing

Cite this

Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., & Iacono, L. L. (2011). All your clouds are belong to us - Security analysis of cloud management interfaces. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 3-14) https://doi.org/10.1145/2046660.2046664
@inproceedings{7e18732fa3fb4cf0af26987a688568dc,
title = "All your clouds are belong to us - Security analysis of cloud management interfaces",
keywords = "Security",
author = "Juraj Somorovsky and Mario Heiderich and Meiko Jensen and J{\"o}rg Schwenk and Nils Gruschka and Iacono, {Luigi Lo}",
year = "2011",
month = "11",
day = "16",
doi = "10.1145/2046660.2046664",
language = "English",
isbn = "9781450310048",
pages = "3--14",
booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",

}

TY - GEN

T1 - All your clouds are belong to us - Security analysis of cloud management interfaces

AU - Somorovsky, Juraj

AU - Heiderich, Mario

AU - Jensen, Meiko

AU - Schwenk, Jörg

AU - Gruschka, Nils

AU - Iacono, Luigi Lo

PY - 2011/11/16

Y1 - 2011/11/16

KW - Security

U2 - 10.1145/2046660.2046664

DO - 10.1145/2046660.2046664

M3 - Article in proceedings

AN - SCOPUS:80955143542

SN - 9781450310048

SP - 3

EP - 14

BT - Proceedings of the ACM Conference on Computer and Communications Security

ER -
