Security Tests of ProtoGENI and Attack Experimentations
We conducted tests and experiments to investigate selected security issues through ProtoGENI. The ProtoGENI has just finished its Spiral 1 time period, which primarily focused on developing control and aggregating functions. Due to the lack of security related functions in the ProtoGENIs initial status, it is necessary to explore the security vulnerabilities of ProtoGENI. We designed a set of security tests to create many slices and slivers to consume ProtoGENIs resources; we also conducted an experiment designed to attack the ProtoGENI user to compromise the users local machine. Our results showed that certain vulnerabilities exist in the current ProtoGENI testbed. First, available ProtoGENI nodes and links can be assigned to the hackers requests, which can make nodes and links unavailable to normal users. Second, we showed how a hacker could successfully steal the ProtoGENI users credentials and pretended to be the real user to access the ProtoGENI. Finally, we conducted experiments to scan ports of nodes from both inside and outside of the ProtoGENIs nodes.
Security Attacks GENl ProtoGENI
Jingcheng Gao Yang Xiao Sneha Rao Fnu Shalini
Department of Computer Science, The University of Alabama, Tuscaloosa, AL 35487-0290 USA
国际会议
2011 International Conference on Security Science and Technology(ICSST 2011) (2011年安全科学与技术国际会议)
重庆
英文
186-190
2011-01-21(万方平台首次上网日期,不代表论文的发表时间)