It’s true: you don’t have to worry about physical equipment in the cloud. But what about your data? Lately, a number of security concerns have been associated with cloud computing, and one of them involves the protection of a client’s virtual machines (VMs), data and running applications. For instance, recent research showed that it is possible for software hosted by a cloud-computing provider to acquire data such as encryption keys from software hosted on the same cloud.
To examine data security in a cloud environment, together with two colleagues, Periklis Gkolias and Prof. Diomidis Spinellis, we performed a series of penetration tests on a number of virtual machines running different operating systems. All VMs were hosted on the Amazon Elastic Compute Cloud (EC2), which is part of the Amazon Web Services (AWS) platform. To perform the penetration tests, we used the Tenable Nessus vulnerability scanner. Our methodology included the following steps: first, we retrieved a list of available Amazon machine images. Then we picked a random image, launched it on the cloud and retrieved its IP address. After that, we invoked the Nessus scanner and passed the IP address to it as a parameter. When the test was over, we terminated the image.
In total, we examined 70 VMs. The operating systems (OSs) running on these images fall into four basic categories, namely: Windows Server (14 images), Ubuntu (26 images), CentOS (9 images) and other Linux OSs (21 images, including Slackware and Arch Linux). Keep in mind that Amazon does not use vanilla distributions of these operating systems but modified distributions that match the requirements of virtual machines.
Our first observation was that 22 VMs (10 Ubuntu images, 8 other Linux images, 3 Windows Server images and 1 CentOS image) were vulnerable through HTTP methods. Each of these VMs had at least three vulnerabilities that can be exploited through the HTTP protocol. In addition, the virtual machines of the Windows family presented many serious problems with the Microsoft Remote Desktop Protocol (RDP). Specifically, all images running Windows, except for one, were vulnerable to attacks targeting this protocol. Each of these images had at least four defects coming from this protocol.
Another observation involved virtual machines with obsolete versions of the Apache Server. Regardless of the operating system, such images were vulnerable to numerous attacks such as man-in-the-middle, cross-site scripting and SQL injection. This indicates that installing the latest version of the Apache Server software could solve the above problems.
In general, as you can see in the figure below, the VMs were vulnerable to different types of critical attacks. Most defects found on the VMs could lead to man-in-the-middle and denial-of-service attacks. Such attacks could be avoided by configuring the SSL (Secure Sockets Layer) protocol settings properly. For example, in many cases there were mistakes in the computer’s name, and some certificates had expired. Of the 70 images, only 26 turned out to be secure, namely: 8 CentOS VMs, 8 Ubuntu VMs, 8 VMs with other Linux OSs and 2 VMs with the Windows Server OS.
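The two SSL defects mentioned above (a wrong computer name and an expired certificate) can be checked mechanically on your own images. The following is an added example, not code from our study: it assumes the certificate is available as a dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the sample certificate and host names are constructed.

```python
import ssl
from datetime import datetime, timezone

def hostname_matches(pattern, host):
    """Compare one certificate DNS name with the host name the client used.
    A '*' is accepted only as the complete leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def audit_certificate(cert, host, now):
    """Return the list of problems found in `cert` for a server reached as `host`."""
    problems = []
    # notAfter is a string such as "Jun  1 12:00:00 2012 GMT".
    expiry = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    if now >= expiry:
        problems.append("expired")
    # Prefer subjectAltName DNS entries; fall back to commonName if there are none.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    if not any(hostname_matches(n, host) for n in names):
        problems.append("name mismatch")
    return problems

# Constructed sample: a certificate issued for an internal name and left on an
# image that is later reached under a public name (both names are made up).
SAMPLE_CERT = {
    "subject": ((("commonName", "ip-10-0-0-1.internal.example"),),),
    "subjectAltName": (("DNS", "ip-10-0-0-1.internal.example"),),
    "notAfter": "Jun  1 12:00:00 2012 GMT",
}

if __name__ == "__main__":
    when = datetime(2013, 1, 1, tzinfo=timezone.utc)
    print(audit_certificate(SAMPLE_CERT, "vm.example.com", when))
```

Note that `getpeercert()` only returns a populated dict when certificate verification is enabled, so a certificate with these defects normally surfaces as a failed handshake before this check is reached.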
Similar research from Balduzzi et al. also indicates that if you are thinking of using a third-party Amazon Web Services image, or publishing your own, you had better think again. If you are interested in reading more about cloud security issues, you can have a look at “A survey on security issues in service delivery models of cloud computing” by Subashini et al. and “Who can you trust in the cloud?” by C. Roberts II et al. Finally, you can check out this interesting presentation concerning the various security issues of the Dropbox cloud back-up service.