Sign In

Communications of the ACM

ACM TechNews

Careless Behavior of Cloud ­sers Leads to Crucial Security Threats

View as: Print Mobile App Share:

Cloud computing security experts often focus on the underlying infrastructure and provider, but a new analysis from researchers at Fraunhofer SIT and the System Security Lab at the Technische Universitat Darmstadt sheds light on the consequences of the careless behavior of users.

The researchers studied the cloud services published by customers of Amazon Web Services and found that at least one-third of the 1,100 public Amazon Machine Images have flawed configurations. Amazon provides detailed security recommendations on its Web pages, but the researchers were able to extract critical security data such as passwords, cryptographic keys, and certificates. Attackers would be able to use the information to operate criminal virtual infrastructures, manipulate Web services, or circumvent security mechanisms.

"The problem clearly lies in the customers' unawareness and not in Amazon Web Services," says professor Ahmad-Reza Sadeghi from the Darmstadt Research Center for Advanced Security. "We believe that customers of other cloud providers endanger themselves and other cloud users similarly by ignoring or underestimating security recommendations."

From Technische Universitat Darmstadt
View Full Article

Abstracts Copyright © 2011 Information Inc. External Link, Bethesda, Maryland, USA 


No entries found