Ecole d'ingénieur et centre de recherche en Sciences du numérique

A security analysis of amazon's elastic compute cloud service

Balduzzi, Marco; Zaddach, Jonas; Balzarotti, Davide; Kirda, Engin; Loureiro, Sergio

SAC 2012, 27th ACM Symposium On Applied Computing, Security Track, March 26-30, 2012, Trento, Italy

Cloud services such as Amazon's Elastic Compute Cloud and IBM's SmartCloud are quickly changing the way organizations are dealing with IT infrastructures and are providing online services. Today, if an organization needs computing power, it can simply buy it online by instantiating a virtual server image on the cloud. Servers can be quickly launched and shut down via application programming interfaces, offering the user a greater exibility compared to traditional server rooms. This paper explores the general security risks associated with using virtual server images from the public catalogs of cloud service providers. In particular, we investigate in detail the security problems of public images that are available on the Amazon EC2 service. We describe the design and implementation of an automated system that we used to instantiate and analyze the security of public AMIs on the Amazon EC2 platform, and provide detailed descriptions of the security tests that we performed on each image. Our findings demonstrate that both the users and the providers of public AMIs may be vulnerable to security risks such as unauthorized access, malware infections, and loss of sensitive information. The Amazon Web Services Security Team has acknowledged our findings, and has already taken steps to properly address all the security risks we present in this paper.  

Document Doi Bibtex

Titre:A security analysis of amazon's elastic compute cloud service
Mots Clés:Cloud Computing, Elastic Compute Cloud Service, Security
Type:Conférence
Langue:English
Ville:Trento
Pays:ITALIE
Date:
Département:Sécurité numérique
Eurecom ref:3548
Copyright: © ACM, 2012. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in SAC 2012, 27th ACM Symposium On Applied Computing, Security Track, March 26-30, 2012, Trento, Italy http://dx.doi.org/10.1145/2245276.2232005
Bibtex: @inproceedings{EURECOM+3548, doi = {http://dx.doi.org/10.1145/2245276.2232005}, year = {2012}, title = {{A} security analysis of amazon's elastic compute cloud service}, author = {{B}alduzzi, {M}arco and {Z}addach, {J}onas and {B}alzarotti, {D}avide and {K}irda, {E}ngin and {L}oureiro, {S}ergio}, booktitle = {{SAC} 2012, 27th {ACM} {S}ymposium {O}n {A}pplied {C}omputing, {S}ecurity {T}rack, {M}arch 26-30, 2012, {T}rento, {I}taly}, address = {{T}rento, {ITALIE}}, month = {03}, url = {http://www.eurecom.fr/publication/3548} }
Voir aussi: