绕过云提供商的数据验证来存储任意数据

2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013) Pub Date : 2013-05-27 DOI:10.5167/UZH-89242

Guilherme Sperb Machado, F. Hecht, M. Waldburger, B. Stiller

{"title":"绕过云提供商的数据验证来存储任意数据","authors":"Guilherme Sperb Machado, F. Hecht, M. Waldburger, B. Stiller","doi":"10.5167/UZH-89242","DOIUrl":null,"url":null,"abstract":"A fundamental Software-as-a-Service (SaaS) characteristic in Cloud Computing is to be application-specific; depending on the application, Cloud Providers (CPs) restrict data formats and attributes allowed into their servers via a data validation process. An ill-defined data validation process may directly impact both security (e.g. application failure, legal issues) and accounting and charging (e.g. trusting metadata in file headers). Therefore, this paper investigates, evaluates (by means of tests), and discusses data validation processes of popular CPs. A proof of concept system was thus built, implementing encoders carefully crafted to circumvent data validation processes, ultimately demonstrating how large amounts of unaccounted, arbitrary data can be stored into CPs.","PeriodicalId":285812,"journal":{"name":"2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013)","volume":"273 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Bypassing Cloud Providers' data validation to store arbitrary data\",\"authors\":\"Guilherme Sperb Machado, F. Hecht, M. Waldburger, B. Stiller\",\"doi\":\"10.5167/UZH-89242\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A fundamental Software-as-a-Service (SaaS) characteristic in Cloud Computing is to be application-specific; depending on the application, Cloud Providers (CPs) restrict data formats and attributes allowed into their servers via a data validation process. An ill-defined data validation process may directly impact both security (e.g. application failure, legal issues) and accounting and charging (e.g. trusting metadata in file headers). Therefore, this paper investigates, evaluates (by means of tests), and discusses data validation processes of popular CPs. A proof of concept system was thus built, implementing encoders carefully crafted to circumvent data validation processes, ultimately demonstrating how large amounts of unaccounted, arbitrary data can be stored into CPs.\",\"PeriodicalId\":285812,\"journal\":{\"name\":\"2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013)\",\"volume\":\"273 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-05-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5167/UZH-89242\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5167/UZH-89242","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

云计算中软件即服务(SaaS)的一个基本特征是特定于应用程序;根据应用程序，云提供商(CPs)通过数据验证过程限制允许进入其服务器的数据格式和属性。定义不清的数据验证过程可能直接影响安全性(例如应用程序失败、法律问题)和会计和收费(例如信任文件头中的元数据)。因此，本文调查，评估(通过测试的方式)，并讨论了流行的CPs的数据验证过程。因此，建立了一个概念验证系统，实现了精心设计的编码器，以绕过数据验证过程，最终演示了如何将大量未计算的任意数据存储到cp中。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Bypassing Cloud Providers' data validation to store arbitrary data

A fundamental Software-as-a-Service (SaaS) characteristic in Cloud Computing is to be application-specific; depending on the application, Cloud Providers (CPs) restrict data formats and attributes allowed into their servers via a data validation process. An ill-defined data validation process may directly impact both security (e.g. application failure, legal issues) and accounting and charging (e.g. trusting metadata in file headers). Therefore, this paper investigates, evaluates (by means of tests), and discusses data validation processes of popular CPs. A proof of concept system was thus built, implementing encoders carefully crafted to circumvent data validation processes, ultimately demonstrating how large amounts of unaccounted, arbitrary data can be stored into CPs.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013)

自引率

0.00%

发文量

期刊最新文献

Differentiating data collection for cloud environment monitoring Video quality monitoring based on precomputed frame distortions Bypassing Cloud Providers' data validation to store arbitrary data Diagnosis of stochastic discrete event systems based on N-gram models with wildcard characters Dynamic SLA management with forecasting using multi-objective optimization