A Novel Framework to Carry Out Cloud Penetration Test
Автор: Jianbin Hu, Yonggang Wang, Cong Tang, Zhi Guan, Fengxian Ren, Zhong Chen
Журнал: International Journal of Computer Network and Information Security(IJCNIS) @ijcnis
Статья в выпуске: 3 vol.3, 2011 года.
Бесплатный доступ
In current cloud services, users put their data and resources into the cloud so as to enjoy the on-demand high quality applications and services. Different from the conventional services, users in cloud services lose control of their data which is instead manipulated by the large-scale cloud. Therefore, cloud service providers (CSP) guarantee that the cloud which they provide is of high confidence in accuracy and integrity. Traditional penetration test is carried out manually and has low efficiency. In this paper, we propose FPTC, a novel framework of penetration test in cloud environment. In FPTC, there are managers, executors and toolkits. FPTC managers guide FPTC executors to gather information from the cloud environment, generate appropriate testing scenarios, run matched tools in the toolkit and collect test results to do evaluation. The capacity and quality of the toolkit is a key issue in FPTC. We develop a prototype in which FPTC is implemented and the experimental results show that FPTC is helpful to automatically carry out penetration test in cloud environment.
Penetration test, cloud computing, high confidence, framework
Короткий адрес: https://sciup.org/15011016
IDR: 15011016
Список литературы A Novel Framework to Carry Out Cloud Penetration Test
- “Penetration Test. http://en.wikipedia.org/wiki/Penetration test/.”
- C. Cachin, I. Keidar, and A. Shraer, “Trusting the cloud,” SIGACT News, vol. 40, no. 2, pp. 81–86, 2009.
- M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “Above the clouds: A berkeley view of cloud computing,” in EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2009-28., 2009. [Online]. Available: http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html
- A. Haeberlen, P. Kouznetsov, and P. Druschel, “Peerreview: practical accountability for distributed systems,” in SOSP, 2007, pp. 175–188.
- A. Haeberlen, I. C. Avramopoulos, J. Rexford, and P. Druschel, “Netreview: Detecting when interdomain routing goes wrong,” in NSDI, 2009, pp. 437–452.
- N. Michalakis, R. Soule, and R. Grimm, “Ensuring content integrity for untrusted peer-to-peer content distribution networks,” in NSDI, 2007.
- A. R. Yumerefendi and J. S. Chase, “Strong accountability for network storage,” TOS, vol. 3, no. 3, 2007.
- L. Lamport, R. Shostak, and M. Pease, “The byzantine generals problem,” ACM Trans. Program. Lang. Syst., vol. 4, no. 3, pp. 382–401, 1982.
- M. C. Pease, R. E. Shostak, and L. Lamport, “Reaching agreement in the presence of faults,” J. ACM, vol. 27, no. 2, pp. 228–234, 1980.
- L. Lamport, “Using time instead of timeout for faulttolerant distributed systems,” ACM Trans. Program. Lang. Syst., vol. 6, no. 2, pp. 254–280, 1984.
- F. B. Schneider, “Implementing fault-tolerant services using the state machine approach: A tutorial,” ACM Comput. Surv., vol. 22, no. 4, pp. 299–319, 1990.
- M. Castro and B. Liskov, “Practical byzantine fault tolerance and proactive recovery,” ACM Trans. Comput. Syst., vol. 20, no. 4, pp. 398–461, 2002.
- H. V. Ramasamy, A. Agbaria, and W. H. Sanders, “A parsimonious approach for obtaining resource-efficient and trustworthy execution,” IEEE Trans. Dependable Sec. Comput., vol. 4, no. 1, pp. 1–17, 2007.
- J. Yin, J.-P. Martin, A. Venkataramani, L. Alvisi, and M. Dahlin, “Separating agreement from execution for byzantine fault tolerant services,” in SOSP, 2003, pp. 253–267.
- G. Bracha and S. Toueg, “Asynchronous consensus and broadcast protocols,” J. ACM, vol. 32, no. 4, pp. 824–840, 1985.
- A. S. Aiyer, L. Alvisi, A. Clement, M. Dahlin, J.-P. Martin, and C. Porth, “Bar fault tolerance for cooperative services,” in SOSP, 2005, pp. 45–58.
- G. Bracha, “Asynchronous byzantine agreement protocols,” Inf. Comput., vol. 75, no. 2, pp. 130–143, 1987.
- T. K. Srikanth and S. Toueg, “Simulating authenticated broadcasts to derive simple fault-tolerant algorithms,” Distributed Computing, vol. 2, no. 2, pp. 80–94, 1987.
- G. Neiger and S. Toueg, “Automatically increasing the fault-tolerance of distributed systems,” in PODC, 1988, pp. 248–262.
- B. A. Coan, “A compiler that increases the fault tolerance of asynchronous protocols,” IEEE Trans. Computers, vol. 37, no. 12, pp. 1541–1553, 1988.
- R. A. Bazzi and G. Neiger, “Simplifying fault-tolerance: providing the abstraction of crash failures,” J. ACM, vol. 48, no. 3, pp. 499–554, 2001.
- N. Santos, K. P. Gummadi, and R. Rodrigues, “Towards trusted cloud computing,” in HotCloud’09: Proceedings of the 2009 conference on Hot topics in cloud computing. Berkeley, CA, USA: USENIX Association, 2009, pp. 3–3.