Stratosphere: Finding Vulnerable Cloud Storage Buckets
Published: 6 October 2021
24th International Symposium on Research in Attacks, Intrusions and Defenses; https://doi.org/10.1145/3471621.3473500
Abstract: Misconfigured cloud storage buckets have leaked hundreds of millions of medical, voter, and customer records. These breaches are due to a combination of easily-guessable bucket names and error-prone security configurations, which, together, allow attackers to easily guess and access sensitive data. In this work, we investigate the security of buckets, finding that prior studies have largely underestimated cloud insecurity by focusing on simple, easy-to-guess names. By leveraging prior work in the password analysis space, we introduce Stratosphere, a system that learns how buckets are named in practice in order to efficiently guess the names of vulnerable buckets. Using Stratosphere, we find wide-spread exploitation of buckets and vulnerable configurations continuing to increase over the years. We conclude with recommendations for operators, researchers, and cloud providers.
Keywords: buckets / cloud / vulnerable / prior / easily / Stratosphere / guess / names / configurations / Storage