A Novel Framework to Carry Out Cloud Penetration Test

In current cloud services, users put their data and resources into the cloud to enjoy on-demand, high-quality applications and services. Unlike conventional services, users of cloud services lose control of their data, which is instead manipulated by the large-scale cloud. Therefore, cloud service providers (CSPs) guarantee that the cloud they provide is of high confidence in accuracy and integrity. Traditional penetration testing is carried out manually and has low efficiency. In this paper, we propose FPTC, a novel framework for penetration testing in the cloud environment. FPTC consists of managers, executors and toolkits. FPTC managers guide FPTC executors to gather information from the cloud environment, generate appropriate testing scenarios, run matched tools from the toolkit and collect test results for evaluation. The capacity and quality of the toolkit are a key issue in FPTC. We develop a prototype in which FPTC is implemented, and the experimental results show that FPTC is helpful for automatically carrying out penetration tests in the cloud environment.
