pith. sign in

arxiv: 1404.2637 · v1 · pith:HEBPHV2Enew · submitted 2014-04-09 · 💻 cs.NI · cs.CR

Bypassing Cloud Providers' Data Validation to Store Arbitrary Data

classification 💻 cs.NI cs.CR
keywords datavalidationcloudapplicationarbitraryprocessprocessesproviders
0
0 comments X
read the original abstract

A fundamental Software-as-a-Service (SaaS) characteristic in Cloud Computing is to be application-specific; depending on the application, Cloud Providers (CPs) restrict data formats and attributes allowed into their servers via a data validation process. An ill-defined data validation process may directly impact both security (e.g. application failure, legal issues) and accounting and charging (e.g. trusting metadata in file headers). Therefore, this paper investigates, evaluates (by means of tests), and discusses data validation processes of popular CPs. A proof of concept system was thus built, implementing encoders carefully crafted to circumvent data validation processes, ultimately demonstrating how large amounts of unaccounted, arbitrary data can be stored into CPs.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.