Abstract
Infrastructure as Code is a new approach to computing infrastructure management that allows users to leverage tools such as version control, automatic deployments, and program analysis for infrastructure configurations. This approach allows for faster and more homogeneous configuration of a complete infrastructure. Infrastructure as Code languages, such as CloudFormation or Terraform, use a declarative model so that users only need to describe the desired state of the infrastructure. However, in practice, these languages are not processed atomically. During an upgrade, the infrastructure goes through a series of intermediate states. We identify a security vulnerability that occurs during an upgrade even when the initial and final states of the infrastructure are secure, and we show that such vulnerabilities are possible in Amazon’s AWS and Google Cloud. We call such attacks intra-update sniping vulnerabilities. In order to mitigate this shortcoming, we present a technique that detects such vulnerabilities and pinpoints the root causes of insecure deployment migrations. We implement this technique in a tool, Häyhä, that uses dataflow graph analysis. We evaluate our tool on a set of open-source CloudFormation templates and find that it is scalable and could be used as part of a deployment workflow.
Publisher
Springer International Publishing
Cited by
6 articles.
1. Towards Inter-Service Data Flow Analysis of Serverless Applications;2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER);2024-03-12
2. The role of program analysis in security vulnerability detection: Then and now;Computers & Security;2023-12
3. SoK: Static Configuration Analysis in Infrastructure as Code Scripts;2023 IEEE International Conference on Cyber Security and Resilience (CSR);2023-07-31
4. Control and Data Flow in Security Smell Detection for Infrastructure as Code: Is It Worth the Effort?;2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR);2023-05
5. GLITCH: Automated Polyglot Security Smell Detection in Infrastructure as Code;Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering;2022-10-10