HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Virtual machine contracts for datacenter and cloud computing environments
ACDC '09 Proceedings of the 1st workshop on Automated control for datacenters and clouds
Managing security of virtual machine images in a cloud environment
Proceedings of the 2009 ACM workshop on Cloud computing security
Security audits of multi-tier virtual infrastructures in public infrastructure clouds
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Protecting grids from cross-domain attacks using security alert sharing mechanisms
Future Generation Computer Systems
Position paper: cloud-based performance testing: issues and challenges
Proceedings of the 2013 international workshop on Hot topics in cloud services
Security vulnerabilities from inside and outside the Eucalyptus cloud
Proceedings of the 6th Balkan Conference in Informatics
Appinspect: large-scale evaluation of social networking apps
Proceedings of the first ACM conference on Online social networks
VM image update notification mechanism based on pub/sub paradigm in cloud
Proceedings of the 5th Asia-Pacific Symposium on Internetware
DupLESS: server-aided encryption for deduplicated storage
SEC'13 Proceedings of the 22nd USENIX conference on Security
CloRExPa: Cloud resilience via execution path analysis
Future Generation Computer Systems
Hi-index | 0.00 |
Cloud services such as Amazon's Elastic Compute Cloud and IBM's SmartCloud are quickly changing the way organizations are dealing with IT infrastructures and are providing online services. Today, if an organization needs computing power, it can simply buy it online by instantiating a virtual server image on the cloud. Servers can be quickly launched and shut down via application programming interfaces, offering the user a greater flexibility compared to traditional server rooms. This paper explores the general security risks associated with using virtual server images from the public catalogs of cloud service providers. In particular, we investigate in detail the security problems of public images that are available on the Amazon EC2 service. We describe the design and implementation of an automated system that we used to instantiate and analyze the security of public AMIs on the Amazon EC2 platform, and provide detailed descriptions of the security tests that we performed on each image. Our findings demonstrate that both the users and the providers of public AMIs may be vulnerable to security risks such as unauthorized access, malware infections, and loss of sensitive information. The Amazon Web Services Security Team has acknowledged our findings, and has already taken steps to properly address all the security risks we present in this paper.