3. Introduction
Research funded by Fulton Undergraduate Research
Initiative (FURI).
Co-Author: Dr. Partha Dasgupta.
The purpose of this research is to bring to attention existing
vulnerabilities in the Software as a Service layer of cloud
computing.
4. Cloud Computing Overview
Cloud Computing architecture is divided into three layers:
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
5. Cloud Computing Models
Most common cloud computing models:
Public Cloud
Private Cloud
Hybrid Cloud
7. Research
Two main points of entry into SaaS layer:
User Point of Entry
o Most common point of attack in a SaaS model
Provider Point of Entry
An example query that exploits this SQL injection vulnerability against
most database servers, such as PostgreSQL and MySQL, and grants the
attacker administrator privileges could be:
<?php
// $uid: ' or uid like '%admin%
$query = "UPDATE usertable SET pwd='...' WHERE uid='' or uid like '%admin%';";

// $pwd: hehehe', trusted=100, admin='yes
$query = "UPDATE usertable SET pwd='hehehe', trusted=100, admin='yes' WHERE ...;";
?>
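The two payloads above, run against a constructed in-memory usertable, first through a string-concatenated UPDATE like the one on the slide and then through a parameterized query. This is an added example, not code from the poster or the PHP manual; the table layout, sample rows and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed schema mirroring the slide's usertable (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE usertable (uid TEXT PRIMARY KEY, pwd TEXT, "
                 "trusted INTEGER, admin TEXT)")
    conn.executemany("INSERT INTO usertable VALUES (?,?,?,?)",
                     [("admin", "s3cret", 100, "yes"), ("alice", "alicepw", 0, "no")])
    conn.commit()
    return conn

def update_password_vulnerable(conn, uid, pwd):
    # Concatenation: user-controlled uid/pwd are parsed as SQL syntax.
    query = f"UPDATE usertable SET pwd='{pwd}' WHERE uid='{uid}';"
    conn.execute(query)
    conn.commit()

def update_password_safe(conn, uid, pwd):
    # Parameter binding: values travel separately from the statement text,
    # so a quote inside pwd or uid can never terminate a string literal.
    conn.execute("UPDATE usertable SET pwd=? WHERE uid=?", (pwd, uid))
    conn.commit()

def row(conn, uid):
    return conn.execute("SELECT pwd, trusted, admin FROM usertable WHERE uid=?",
                        (uid,)).fetchone()

UID_PAYLOAD = "' or uid like '%admin%"            # from the slide's first comment
PWD_PAYLOAD = "hehehe', trusted=100, admin='yes"  # from the slide's second comment

def demo():
    results = {}
    conn = make_db()
    update_password_vulnerable(conn, UID_PAYLOAD, "pwned")
    results["vuln_uid_admin_pwd"] = row(conn, "admin")[0]   # admin's password overwritten
    conn = make_db()
    update_password_vulnerable(conn, "alice", PWD_PAYLOAD)
    results["vuln_pwd_alice"] = row(conn, "alice")          # alice now trusted=100, admin='yes'
    conn = make_db()
    update_password_safe(conn, UID_PAYLOAD, "pwned")
    results["safe_uid_admin_pwd"] = row(conn, "admin")[0]   # no row matched; unchanged
    update_password_safe(conn, "alice", PWD_PAYLOAD)
    results["safe_pwd_alice"] = row(conn, "alice")          # payload stored as a plain string
    return results

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```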
8. Research
To connect to the hosted SaaS application, the user has to
use a client/user portal, which relies on a web service
interface that is vulnerable to a variety of attacks,
including:
Buffer Overflow
Cross Site Scripting
SQL Injection
Denial of Service
9. Result
The most common attacks associated with the SaaS model in a
public cloud infrastructure are divided into the following
four groups:
Availability
•Denial of Service
•Account lockout
•Buffer overflow
Data Security
•Cross-site scripting
•Access control weakness
•Privilege escalation
Network Security
•Network Penetration
•Session Hijacking
•Data Packet Interception
Identity Management
•Authentication Weakness
•Insecure Trust
SaaS (Software as a Service) vulnerabilities
10. Discussion
Zero-Day Vulnerability Found in McAfee's SaaS Products (April 2011)
An attacker can execute arbitrary code by exploiting the flaw if
the victim visits a malicious page or opens the file.
The Common Vulnerability Scoring System rates it 9 out of a
maximum of 10.
The method accepts commands that are passed to a function which
simply executes them without authentication.
McAfee SaaS includes:
Email Protection (Protection against viruses and spam)
McAfee Integrated Suites (Protection against viruses, web
threats, etc…)
Patch released in August 2011.
http://news.softpedia.com/news/Zero-Day-Vulnerability-Found-in-McAfee-s-SaaS-Products-247051.shtml
11. Conclusion
Two main points of entry into SaaS layer:
User Point of Entry
o Most common point of attack in a SaaS model
Provider Point of Entry
Availability
•Denial of Service
•Account lockout
•Buffer overflow
Data Security
•Cross-site scripting
•Access control weakness
•Privilege escalation
Network Security
•Network Penetration
•Session Hijacking
•Data Packet Interception
Identity Management
•Authentication Weakness
•Insecure Trust
SaaS (Software as a Service) vulnerabilities
12. Future Work
The next step is to design test cases for a security breach
common to the SaaS structure, including the web services
involved.
Propose a suitable solution for minimizing the impact of the
penetration attack.
Document resultant effects and extent of the exploit and compare
with other research projects/paper results.
Document and explore the extent to which data can be exploited.
SaaS: a distribution model in which the applications are hosted by the vendor and made available to the customer over a network, either through a web or mobile interface.
To change the admin's password, the attacker sets $uid to ' or uid like '%admin% , or simply sets $pwd to hehehe', trusted=100, admin='yes