Sign In

Communications of the ACM

ACM TechNews

Cloud Computing: Gaps in the 'cloud'


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
cloud computing image

Credit: WATBlog.com

Ruhr-University Bochum (RUB) researchers discovered a massive security gap at Amazon Cloud Services and presented their findings at the recent ACM Cloud Computing Security Workshop in Chicago.

"Based on our research results, Amazon confirmed the security gaps and closed them immediately," says RUB professor Jorg Schwenk. The researchers used various XML signature wrapping attacks to completely take over the administrative rights of cloud customers, according to RUB researcher Juraj Somorovsky.

Many cloud systems could be susceptible to signature wrapping attacks because the relevant service standards make performance and security incompatible, according to the RUB researchers.

"We are working on a high-performance solution, however, that no longer has any of the known security gaps," Schwenk says. The researchers also found gaps in the Amazon Web Services interface and in the Amazon shop.

From Ruhr-University Bochum (Germany)
View Full Article

Abstracts Copyright © 2011 Information Inc. External Link, Bethesda, Maryland, USA 


 

No entries found