A Novel Framework to Carry Out Cloud Penetration Test

Full Text (PDF, 278 KB), pp. 1-7


Author(s)

Jianbin Hu (1, 2, *), Yonggang Wang (1, 2), Cong Tang (1, 2), Zhi Guan (1, 2), Fengxian Ren (1, 2), Zhong Chen (1, 2)

1. School of EECS, Peking University, Beijing, China

2. Key Laboratory of High Confidence Software Technologies, Ministry of Education, Beijing, China

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2011.03.01

Received: 10 Sep. 2010 / Revised: 3 Jan. 2011 / Accepted: 15 Feb. 2011 / Published: 8 Apr. 2011

Index Terms

Penetration test, cloud computing, high confidence, framework

Abstract

In current cloud services, users put their data and resources into the cloud to enjoy on-demand, high-quality applications and services. Unlike in conventional services, users of cloud services lose control of their data, which is instead manipulated by the large-scale cloud. Therefore, cloud service providers (CSP) guarantee that the cloud they provide is of high confidence in accuracy and integrity. Traditional penetration testing is carried out manually and has low efficiency. In this paper, we propose FPTC, a novel framework for penetration testing in cloud environments. FPTC consists of managers, executors and toolkits. FPTC managers guide FPTC executors to gather information from the cloud environment, generate appropriate testing scenarios, run matched tools in the toolkit and collect test results for evaluation. The capacity and quality of the toolkit are a key issue in FPTC. We develop a prototype in which FPTC is implemented, and the experimental results show that FPTC is helpful for automatically carrying out penetration tests in cloud environments.

Cite This Paper

Jianbin Hu, Yonggang Wang, Cong Tang, Zhi Guan, Fengxian Ren, Zhong Chen, "A Novel Framework to Carry Out Cloud Penetration Test", International Journal of Computer Network and Information Security (IJCNIS), vol. 3, no. 3, pp. 1-7, 2011. DOI: 10.5815/ijcnis.2011.03.01
