UZH-Logo

Maintenance Infos

Bypassing cloud providers data validation to store arbitrary data


Machado, Guilherme Sperb; Hecht, Fabio; Waldburger, Martin; Stiller, Burkhard (2013). Bypassing cloud providers data validation to store arbitrary data. In: IFIP/IEEE Integrated Network Management Symposium (IM 2013), Ghent, Belgium, 27 May 2013 - 31 May 2013, 1-8.

Abstract

A fundamental Software-as-a-Service (SaaS) characteristic in Cloud Computing is to be application-specific; depending on the application, Cloud Providers (CPs) restrict data formats and attributes allowed into their servers via a data validation process. An ill-defined data validation process may directly impact both security (e.g. application failure, legal issues) and accounting and charging (e.g. trusting metadata in file headers). Therefore, this paper investigates, evaluates (by means of tests), and discusses data validation processes of popular CPs. A proof of concept system was thus built, implementing encoders carefully crafted to circumvent data validation processes, ultimately demonstrating how large amounts of unaccounted, arbitrary data can be stored into CPs.

A fundamental Software-as-a-Service (SaaS) characteristic in Cloud Computing is to be application-specific; depending on the application, Cloud Providers (CPs) restrict data formats and attributes allowed into their servers via a data validation process. An ill-defined data validation process may directly impact both security (e.g. application failure, legal issues) and accounting and charging (e.g. trusting metadata in file headers). Therefore, this paper investigates, evaluates (by means of tests), and discusses data validation processes of popular CPs. A proof of concept system was thus built, implementing encoders carefully crafted to circumvent data validation processes, ultimately demonstrating how large amounts of unaccounted, arbitrary data can be stored into CPs.

Altmetrics

Downloads

67 downloads since deposited on 29 Jan 2014
45 downloads since 12 months
Detailed statistics

Additional indexing

Item Type:Conference or Workshop Item (Paper), refereed, original work
Communities & Collections:03 Faculty of Economics > Department of Informatics
Dewey Decimal Classification:000 Computer science, knowledge & systems
Language:English
Event End Date:31 May 2013
Deposited On:29 Jan 2014 07:23
Last Modified:05 Apr 2016 17:26
Publisher:IEEE
ISBN:978-1-4673-5229-1
Additional Information:© 2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Free access at:Official URL. An embargo period may apply.
Official URL:http://publication.pics.mu/papers/CloudTests_IM2013_camera_ready_final.pdf
Related URLs:http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6572963
Other Identification Number:merlin-id:8973
Permanent URL: https://doi.org/10.5167/uzh-89242

Download

[img]
Preview
Content: Accepted Version
Filetype: PDF
Size: 103kB

TrendTerms

TrendTerms displays relevant terms of the abstract of this publication and related documents on a map. The terms and their relations were extracted from ZORA using word statistics. Their timelines are taken from ZORA as well. The bubble size of a term is proportional to the number of documents where the term occurs. Red, orange, yellow and green colors are used for terms that occur in the current document; red indicates high interlinkedness of a term with other terms, orange, yellow and green decreasing interlinkedness. Blue is used for terms that have a relation with the terms in this document, but occur in other documents.
You can navigate and zoom the map. Mouse-hovering a term displays its timeline, clicking it yields the associated documents.

Author Collaborations