Ruhr-University Bochum (RUB) researchers discovered a massive security gap at Amazon Cloud Services and presented their findings at the recent ACM Cloud Computing Security Workshop in Chicago.
"Based on our research results, Amazon confirmed the security gaps and closed them immediately," says RUB professor Jorg Schwenk. The researchers used various XML signature wrapping attacks to completely take over the administrative rights of cloud customers, according to RUB researcher Juraj Somorovsky.
Many cloud systems could be susceptible to signature wrapping attacks because the relevant service standards make performance and security incompatible, according to the RUB researchers.
"We are working on a high-performance solution, however, that no longer has any of the known security gaps," Schwenk says. The researchers also found gaps in the Amazon Web Services interface and in the Amazon shop.
From Ruhr-University Bochum (Germany)
View Full Article
Abstracts Copyright © 2011 Information Inc. , Bethesda, Maryland, USA