pith. sign in

arxiv: 1301.1912 · v1 · pith:MHWTJQ3Ynew · submitted 2013-01-09 · 💻 cs.CR · cs.SE

Cloud Penetration Testing

classification 💻 cs.CR cs.SE
keywords openstackcloudpenetrationadministrativecommandgainperformedprotocol
0
0 comments X
read the original abstract

This paper presents the results of a series of penetration tests performed on the OpenStack Essex Cloud Management Software. Several different types of penetration tests were performed including network protocol and command line fuzzing, session hijacking and credential theft. Using these techniques exploitable vulnerabilities were discovered that could enable an attacker to gain access to restricted information contained on the OpenStack server, or to gain full administrative privileges on the server. Key recommendations to address these vulnerabilities are to use a secure protocol, such as HTTPS, for communications between a cloud user and the OpenStack Horizon Dashboard, to encrypt all files that store user or administrative login credentials, and to correct a software bug found in the OpenStack Cinder typedelete command.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.