The paper follows by describing the practical attacks on Amazon EC2 and on Eucalyptus specifying attack vectors and consequence of the designed attacks. Finally, the paper describes some countermeasures for the described attacks. The most important lesson learned from their analysis is that managing and maintaining the security of a cloud control system and interface is one of the most critical challenges for cloud system providers worldwide.
My personal opinion is that of course they did a pretty nice job with the vulnerability analysis even if they clearly did not use a specific “bug hunting” methodology. It would be quite interesting, at least to me, mapping what they found and the way they discovered it to the current penetration testing methodologies to see what kind of correlation is there. Such a great work without any contribution to the current methodologies might be “end to itself”, like a single attacker that has experimented a vulnerability to a big system and finally found it.
One thought on “ Amazon and Eucalyptus hacked. ”
Hello, was wondering if you would be willing to place a link on your site/blog to my blog in exchange for a contribution?? Or donation. Please contact me if your interested and we can work out a month to month plan of some sort.