Title :
Bypassing Cloud Providers´ data validation to store arbitrary data
Author :
Machado, Guilherme Sperb ; Hecht, Fabio V. ; Waldburger, Martin ; Stiller, Burkhard
Author_Institution :
Dept. of Inf. IFI, Univ. of Zurich, Zurich, Switzerland
Abstract :
A fundamental Software-as-a-Service (SaaS) characteristic in Cloud Computing is to be application-specific; depending on the application, Cloud Providers (CPs) restrict data formats and attributes allowed into their servers via a data validation process. An ill-defined data validation process may directly impact both security (e.g. application failure, legal issues) and accounting and charging (e.g. trusting metadata in file headers). Therefore, this paper investigates, evaluates (by means of tests), and discusses data validation processes of popular CPs. A proof of concept system was thus built, implementing encoders carefully crafted to circumvent data validation processes, ultimately demonstrating how large amounts of unaccounted, arbitrary data can be stored into CPs.
Keywords :
cloud computing; security of data; storage management; accounting; arbitrary data storage; charging; cloud computing; cloud provider; data format; data validation process; security; software as a service; Cascading style sheets; Electronic mail; Google; Security; Servers; Software as a service; Cloud Computing; Cloud Providers; Cloud Services; Data Validation; Security; Software-as-a-Service;
Conference_Titel :
Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on
Conference_Location :
Ghent
Print_ISBN :
978-1-4673-5229-1
