A large-scale study on the security vulnerabilities of cloud deployments

Bibliographic details
Main author: Andrei-Cristian, I.
Publication date: 2022
Other authors: Gasiba, T. E., Zhao, T., Lechner, U., Pinto-Albuquerque, M.
Language: eng
Source title: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Full text: http://hdl.handle.net/10071/27228
Abstract: As cloud deployments are becoming ubiquitous, the rapid adoption of this new paradigm may potentially bring additional cyber security issues. It is crucial that practitioners and researchers pose questions about the current state of cloud deployment security. By better understanding existing vulnerabilities, progress towards a more secure cloud can be accelerated. This is of paramount importance especially with more and more critical infrastructures moving to the cloud, where the consequences of a security incident can be significantly broader. This study presents a data-centric approach to security research – by using three static code analysis tools and scraping the internet for publicly available codebases, a footprint of the current state of open-source infrastructure-as-code repositories can be achieved. Out of the scraped 44485 repository links, the study is concentrated on 8256 repositories from the same cloud provider, across which 292538 security violations have been collected. Our contributions consist of: understanding on existing security vulnerabilities of cloud deployments, contributing a list of Top Guidelines for practitioners to follow to securely deploy systems in the cloud, and providing the raw data for further studies.
id RCAP_cfafa9cc06fe3bcde193201e19858ca2
oai_identifier_str oai:repositorio.iscte-iul.pt:10071/27228
network_acronym_str RCAP
network_name_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository_id_str https://opendoar.ac.uk/repository/7160
dc.title.none.fl_str_mv A large-scale study on the security vulnerabilities of cloud deployments
dc.contributor.author.fl_str_mv Andrei-Cristian, I.
Gasiba, T. E.
Zhao, T.
Lechner, U.
Pinto-Albuquerque, M.
dc.subject.por.fl_str_mv Cloud
Security
Industry
Critical infrastructures
Awareness
Infrastructure as code
Terraform
Secure coding
publishDate 2022
dc.date.none.fl_str_mv 2022-01-01T00:00:00Z
2022
2023-01-14T22:41:51Z
2023-01-14T22:40:54Z
dc.type.driver.fl_str_mv conference object
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10071/27228
dc.language.iso.fl_str_mv eng
dc.relation.none.fl_str_mv 978-981-19-0468-4
1865-0929
10.1007/978-981-19-0468-4_13
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Springer
dc.source.none.fl_str_mv reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron:RCAAP
repository.name.fl_str_mv Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
repository.mail.fl_str_mv info@rcaap.pt