1. Repositório do Iscte – Instituto Universitário de Lisboa
  2. Escola de Tecnologias e Arquitetura
  3. ISTAR-Iscte - Information Sciences and Technologies and Architecture Research Center
  4. ISTAR-CRI - Comunicações a conferências internacionais
Utilize este identificador para referenciar este registo: http://hdl.handle.net/10071/27228
Autoria: Andrei-Cristian, I.
Gasiba, T. E.
Zhao, T.
Lechner, U.
Pinto-Albuquerque, M.
Editor: Wang, G., Choo, K.-K. R., Ko, R. K. L., Xu, Y., and Crispo, B.
Data: 2022
Título próprio: A large-scale study on the security vulnerabilities of cloud deployments
Volume: 1557
Título e volume do livro: Ubiquitous Security. UbiSec 2021. Communications in Computer and Information Science
Paginação: 171 - 188
Título do evento: 1st International Conference on Ubiquitous Security, UbiSec 2021
Referência bibliográfica: Iosif, A. C., Gasiba, T. E., Zhao, T., Lechner, U., & Pinto-Albuquerque, M. (2022). A large-scale study on the security vulnerabilities of cloud deployments. Em: G. Wang, K. K. R. Choo, R. K. L. Ko, Y. Xu, B. Crispo (Eds.). Ubiquitous Security. UbiSec 2021. Communications in Computer and Information Science, vol. 1557 (pp. 171-188). Springer. https://doi.org/10.1007/978-981-19-0468-4_13
ISSN: 1865-0929
ISBN: 978-981-19-0468-4
DOI (Digital Object Identifier): 10.1007/978-981-19-0468-4_13
Palavras-chave: Cloud
Security
Industry
Critical infrastructures
Awareness
Infrastructure as code
Terraform
Secure coding
Resumo: As cloud deployments are becoming ubiquitous, the rapid adoption of this new paradigm may potentially bring additional cyber security issues. It is crucial that practitioners and researchers pose questions about the current state of cloud deployment security. By better understanding existing vulnerabilities, progress towards a more secure cloud can be accelerated. This is of paramount importance especially with more and more critical infrastructures moving to the cloud, where the consequences of a security incident can be significantly broader. This study presents a data-centric approach to security research – by using three static code analysis tools and scraping the internet for publicly available codebases, a footprint of the current state of open-source infrastructure-as-code repositories can be achieved. Out of the scraped 44485 repository links, the study is concentrated on 8256 repositories from the same cloud provider, across which 292538 security violations have been collected. Our contributions consist of: understanding on existing security vulnerabilities of cloud deployments, contributing a list of Top Guidelines for practitioners to follow to securely deploy systems in the cloud, and providing the raw data for further studies.
Arbitragem científica: yes
Acesso: Acesso Aberto
Aparece nas coleções:ISTAR-CRI - Comunicações a conferências internacionais

Ficheiros deste registo:
Ficheiro TamanhoFormato 
conferenceObject_89353.pdf417,98 kBAdobe PDFVer/Abrir
Mostrar registo em formato completo Visualizar estatísticas


FacebookTwitterDeliciousLinkedInDiggGoogle BookmarksMySpaceOrkut
Formato BibTex mendeley Endnote Logotipo do DeGóis Logotipo do Orcid 

Todos os registos no repositório estão protegidos por leis de copyright, com todos os direitos reservados.