FLORIDA INSTITUTE OF TECHNOLOGY

UNDERSTANDING CLOUD COMPUTING VULNERABILITIES


An Article Summary
AN ARTICLE SUMMARY ASSIGNMENT SUBMITTED TO:
DR. WILLIAM ALLEN
IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR
CYB 5288: SECURE COMPUTER SYSTEMS AND ORGANIZATION
BY
CRAIG CANNON
MELBOURNE, FLORIDA
APRIL *+TH &,*-

There is not a day that goes by where I haven't seen a commercial, read it in a book, or even seen it in a magazine article, some mention of the term cloud computing. This concept, this new idea of cloud computing that many of us old timers know about, actually isn't a new concept at all but simply an old idea with new technology that, as it stands now, is poised to change everything, specifically in the IT industry where it will initially have the greatest impact. Nevertheless, like all new technologies there are road blocks to its approval, and cloud computing is no exception. The biggest road block to its acceptance is centered on security. Simply stated, many people are not comfortable with the security aspects of cloud computing because they simply don't understand the risks, threats, and vulnerabilities surrounding this new technology. In "Understanding Cloud Computing Vulnerabilities", authors Bernd Grobauer, Tobias Walloschek, and Elmar Stocker do an excellent job of addressing these concerns and cite significant cloud-specific issues in an understandable manner that almost anyone can comprehend and come to appreciate the importance of the many risk factors impacting cloud computing.

The article starts out by defining some basic security-related terms to show how they relate to cloud computing. The Open Group's risk taxonomy and ISO 27005 risk factors are both mentioned as useful overview tools to refer to when considering loss event frequencies and risk factors. According to the article, a loss event occurs when a hacker successfully exploits a vulnerability. The occurrence of such an event is dependent upon its frequency of occurrence. This frequency is based on the attacker's motivation, his efforts, his risks and current level of access, as well as the system's ability to defend against an attack. According to the article, vulnerability is seen as a weak resistance, and when these weaknesses are removed, security is improved. Updates and patches are one way of increasing security in an effort to stop attackers from taking advantage of these weaknesses.
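
The relationship summarized above, worked through as an added example (not code from the article or from this summary): in the Open Group risk taxonomy, loss event frequency is threat event frequency multiplied by vulnerability, where vulnerability is the probability that the attacker's capability exceeds the system's resistance. The function names and every numeric estimate below are constructed assumptions.

```python
import random

def vulnerability(capability, resistance, trials=20000, seed=1):
    """Estimate P(threat capability > resistance strength) by Monte Carlo.

    Both arguments are (low, high, mode) triangular estimates on a 0-100
    scale. A fixed seed keeps the estimate reproducible.
    """
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        # One simulated attempt: does this attacker out-match this defence?
        if rng.triangular(*capability) > rng.triangular(*resistance):
            hits += 1
    return hits / trials

def loss_event_frequency(contacts_per_year, p_action, capability, resistance):
    """Loss events per year = threat event frequency x vulnerability.

    contacts_per_year reflects the attacker's level of access; p_action
    reflects motivation, effort and risk to the attacker.
    """
    tef = contacts_per_year * p_action
    return tef * vulnerability(capability, resistance)

# Constructed estimates (low, high, mode), not taken from the article.
ATTACKER = (10, 90, 50)    # capability of the threat population
UNPATCHED = (20, 50, 35)   # weak resistance: known flaws left open
PATCHED = (65, 95, 80)     # resistance after updates and patches

def compare(contacts_per_year=40, p_action=0.25):
    """Return (loss events/year before patching, after patching)."""
    before = loss_event_frequency(contacts_per_year, p_action, ATTACKER, UNPATCHED)
    after = loss_event_frequency(contacts_per_year, p_action, ATTACKER, PATCHED)
    return before, after

if __name__ == "__main__":
    before, after = compare()
    print(f"loss events/year unpatched: {before:.2f}")
    print(f"loss events/year patched:   {after:.2f}")
```

The threat event frequency is identical in both runs; only the resistance changes, which is why removing weaknesses lowers the loss event frequency without any change in attacker behaviour.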

The article does an excellent job of presenting the risk factor taxonomy in the form of a diagram. In a nutshell, the diagram shows that there is no difference in the degree of losses from a data violation from the cloud customer's viewpoint and the normal IT infrastructure viewpoint. However, when we look at the viewpoint of the cloud provider, the impact was greater and clearly shows how vulnerabilities can influence the loss event frequency. In the article there is mention of the term "cloud-specific vulnerability". This term in essence implies that there are certain weaknesses that are only targeted for the cloud. There are many different technologies making up the cloud computing conceptual idea. For instance, web applications and services like SaaS, PaaS, and IaaS all sit on top of some sort of virtualization foundation and eventually need to use some sort of cryptography to handle their confidentiality needs. Equally important, the National Institute of Standards and Technology (NIST) does a great job of defining the various IT cloud-based service characteristics. In summary, NIST states that on-demand self-service allows users to order and manage services without any human interaction with the service provider. This method is done through a ubiquitous network where the cloud is accessed through the internet. Most of the cloud services are shared with others using resource pooling, and if more resources are needed, scalability is provided by a process called rapid elasticity. All in all, these services and resources are both monitored and metered by measured-service type business models.

According to the article, as a result of these ideas a cloud-specific vulnerability can clearly be defined as one that has its root causes in one of these NIST characteristics and furthermore makes it difficult to use the traditional security controls in any of its offerings and, most importantly, in its core cloud computing technology. When any of these characteristics are impacted in the manner we just mentioned, cloud computing security is at stake, leading to cloud-based weaknesses. Because of these types of fundamental flaws, the core parts of cloud computing, such as web applications and services, virtualization, and cryptography, have built-in susceptibilities. These inclinations involve things such as: escaping from a virtual machine, where an attacker could possibly break away from a virtual environment into another environment; performing session riding and hijacking, where an attacker could take over or hijack a user's session and impersonate that user; or finally even defying some obsolete cryptography, where the attacker recognizes that the cryptographic algorithm that the cloud provider is using has already been cracked and therefore he uses it to his advantage to hack into the system. All of these vulnerabilities located at the very core of cloud computing are very real possibilities in the cloud computing environment.

Some of the weak spots involving the critical cloud characteristics cited by the article are situations where: unauthorized access to the management interface occurred, where an attacker got access to a client's management interface and did considerable damage or accessed confidential information; there was an internet protocol issue, where a man-in-the-middle attack occurred and the attacker was able to impersonate a person and gain access to sensitive information or authorized areas; there was a data recovery flaw, where overwritten data from one client was actually recoverable by a totally different client because they both at one time used the same area on the hard drive; and finally a metering and billing concern, where data manipulation occurred and a person was over-billed or under-billed and services were impacted as a result. One good point the article made involved control challenge vulnerabilities. In cloud-based environments things such as network scanning or IP-based network zoning can be applied because it's difficult to distinguish between when it's a friendly scan or a network attack. Also, because virtual machines use both real networks and virtual networks, it's difficult to apply the traditional network-level security controls in this type of environment. Other problems with these known security controls are poor key management procedures, because virtual machines don't have associated hardware features, and non-standard security metrics, which fail to allow any type of monitoring or auditing to occur.

I really was surprised that the article pointed out that conventional vulnerabilities such as SQL injection, cross-site scripting (XSS), command injection, and weak authentication methods all still apply and thus can be considered as cloud-specific type weaknesses when it comes to cloud computing. These long-established weaknesses are well known in the non-cloud-based infrastructures and would normally be considered as mitigated risks in the cloud environment. However, as stated in the article, that is clearly not the case.

Finally, the article provides a great diagram of the cloud reference architecture. This diagram is broken down into three vital areas and does a great job of mapping cloud-specific vulnerabilities to each of its components. The three components of the model are computation, storage, and communication, and each has its own independent vulnerabilities. The biggest vulnerability of computational resources involves how virtual machine images are managed. If an image has been rented and studied by an attacker, the attacker may be able to identify its vulnerabilities and set up a backdoor to get in. If in turn these images are distributed over several clients, the problem will be widespread. Storage has its own vulnerabilities involving data destruction. If a hard drive that tenant one used to use is not destroyed but is instead being used by tenant 2, this may become a security issue since data leakage could occur. Any cryptography algorithms placed on the data could be easily cracked since most algorithms are now well known. Communication vulnerabilities include shared network resources like DNS and DHCP where cross-tenant attacks could occur. Whether it's client-side or browser-side vulnerabilities, cloud computing is in constant development. More and more challenges will continue to occur for this new industry. As the cloud computing field continues to evolve, identifying and understanding cloud-specific weaknesses as they materialize will be of the utmost importance to its continual success.

References
Grobauer, B., Walloschek, T., and Stocker, E. (2011). Understanding Cloud Computing Vulnerabilities. Co-published by the IEEE Computer and Reliability Societies, March/April 2011.
