• DocumentCode
    627427
  • Title

    Bypassing Cloud Providers´ data validation to store arbitrary data

  • Author

    Machado, Guilherme Sperb ; Hecht, Fabio V. ; Waldburger, Martin ; Stiller, Burkhard

  • Author_Institution
    Dept. of Inf. IFI, Univ. of Zurich, Zurich, Switzerland
  • fYear
    2013
  • fDate
    27-31 May 2013
  • Firstpage
    1
  • Lastpage
    8
  • Abstract
    A fundamental Software-as-a-Service (SaaS) characteristic in Cloud Computing is to be application-specific; depending on the application, Cloud Providers (CPs) restrict data formats and attributes allowed into their servers via a data validation process. An ill-defined data validation process may directly impact both security (e.g. application failure, legal issues) and accounting and charging (e.g. trusting metadata in file headers). Therefore, this paper investigates, evaluates (by means of tests), and discusses data validation processes of popular CPs. A proof of concept system was thus built, implementing encoders carefully crafted to circumvent data validation processes, ultimately demonstrating how large amounts of unaccounted, arbitrary data can be stored into CPs.
  • Keywords
    cloud computing; security of data; storage management; accounting; arbitrary data storage; charging; cloud computing; cloud provider; data format; data validation process; security; software as a service; Cascading style sheets; Electronic mail; Google; Security; Servers; Software as a service; Cloud Computing; Cloud Providers; Cloud Services; Data Validation; Security; Software-as-a-Service;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on
  • Conference_Location
    Ghent
  • Print_ISBN
    978-1-4673-5229-1
  • Type

    conf

  • Filename
    6572963
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=627427