Analyzing Infrastructure as Code to Prevent Intra-update Sniping Vulnerabilities
Infrastructure as Code is a new approach to computing infrastructure management that allows users to leverage tools such as version control, automatic deployments, and program analysis for infrastructure configurations. This approach allows for faster and more homogeneous configuration of a complete...
Main authors: | Lepiller, Julien; Piskac, Ruzica; Schäf, Martin; Santolucito, Mark |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | 2021 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7984555/ http://dx.doi.org/10.1007/978-3-030-72013-1_6 |
Field | Value |
---|---|
author | Lepiller, Julien Piskac, Ruzica Schäf, Martin Santolucito, Mark |
collection | PubMed |
description | Infrastructure as Code is a new approach to computing infrastructure management that allows users to leverage tools such as version control, automatic deployments, and program analysis for infrastructure configurations. This approach allows for faster and more homogeneous configuration of a complete infrastructure. Infrastructure as Code languages, such as CloudFormation or TerraForm, use a declarative model so that users only need to describe the desired state of the infrastructure. However, in practice, these languages are not processed atomically. During an upgrade, the infrastructure goes through a series of intermediate states. We identify a security vulnerability that occurs during an upgrade even when the initial and final states of the infrastructure are secure, and we show that those vulnerabilities are possible in Amazon's AWS and Google Cloud. We call such attacks intra-update sniping vulnerabilities. In order to mitigate this shortcoming, we present a technique that detects such vulnerabilities and pinpoints the root causes of insecure deployment migrations. We implement this technique in a tool, Häyhä, that uses dataflow graph analysis. We evaluate our tool on a set of open-source CloudFormation templates and find that it is scalable and could be used as part of a deployment workflow. |
format | Online Article Text |
id | pubmed-7984555 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2021 |
record_format | MEDLINE/PubMed |
spelling | pubmed-7984555 2021-03-23 Analyzing Infrastructure as Code to Prevent Intra-update Sniping Vulnerabilities. Lepiller, Julien; Piskac, Ruzica; Schäf, Martin; Santolucito, Mark. Tools and Algorithms for the Construction and Analysis of Systems. Article. 2021-02-26 /pmc/articles/PMC7984555/ http://dx.doi.org/10.1007/978-3-030-72013-1_6 Text en © The Author(s) 2021 Open Access. This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. |
title | Analyzing Infrastructure as Code to Prevent Intra-update Sniping Vulnerabilities |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7984555/ http://dx.doi.org/10.1007/978-3-030-72013-1_6 |