Exportar Publicação

A publicação pode ser exportada nos seguintes formatos: referência da APA (American Psychological Association), referência do IEEE (Institute of Electrical and Electronics Engineers), BibTeX e RIS.

Exportar Referência (APA)
Andrei-Cristian, I., Gasiba, T. E., Zhao, T., Lechner, U. & Pinto-Albuquerque, M. (2022). A large-scale study on the security vulnerabilities of cloud deployments. In Wang, G., Choo, K.-K. R., Ko, R. K. L., Xu, Y., and Crispo, B. (Ed.), Ubiquitous Security. UbiSec 2021. Communications in Computer and Information Science. (pp. 171-188). Guangzhou: Springer.
Exportar Referência (IEEE)
I. Andrei-Cristian et al.,  "A large-scale study on the security vulnerabilities of cloud deployments", in Ubiquitous Security. UbiSec 2021. Communications in Computer and Information Science, Wang, G., Choo, K.-K. R., Ko, R. K. L., Xu, Y., and Crispo, B., Ed., Guangzhou, Springer, 2022, vol. 1557, pp. 171-188
Exportar BibTeX
@inproceedings{andrei-cristian2022_1734892700487,
	author = "Andrei-Cristian, I. and Gasiba, T. E. and Zhao, T. and Lechner, U. and Pinto-Albuquerque, M.",
	title = "A large-scale study on the security vulnerabilities of cloud deployments",
	booktitle = "Ubiquitous Security. UbiSec 2021. Communications in Computer and Information Science",
	year = "2022",
	editor = "Wang, G., Choo, K.-K. R., Ko, R. K. L., Xu, Y., and Crispo, B.",
	volume = "1557",
	number = "",
	series = "",
	doi = "10.1007/978-981-19-0468-4_13",
	pages = "171-188",
	publisher = "Springer",
	address = "Guangzhou",
	organization = "",
	url = "https://link.springer.com/book/10.1007/978-981-19-0468-4"
}
Exportar RIS
TY  - CPAPER
TI  - A large-scale study on the security vulnerabilities of cloud deployments
T2  - Ubiquitous Security. UbiSec 2021. Communications in Computer and Information Science
VL  - 1557
AU  - Andrei-Cristian, I.
AU  - Gasiba, T. E.
AU  - Zhao, T.
AU  - Lechner, U.
AU  - Pinto-Albuquerque, M.
PY  - 2022
SP  - 171-188
SN  - 1865-0929
DO  - 10.1007/978-981-19-0468-4_13
CY  - Guangzhou
UR  - https://link.springer.com/book/10.1007/978-981-19-0468-4
AB  - As cloud deployments are becoming ubiquitous, the rapid adoption of this new paradigm may potentially bring additional cyber security issues. It is crucial that practitioners and researchers pose questions about the current state of cloud deployment security. By better understanding existing vulnerabilities, progress towards a more secure cloud can be accelerated. This is of paramount importance especially with more and more critical infrastructures moving to the cloud, where the consequences of a security incident can be significantly broader. This study presents a data-centric approach to security research – by using three static code analysis tools and scraping the internet for publicly available codebases, a footprint of the current state of open-source infrastructure-as-code repositories can be achieved. Out of the scraped 44485 repository links, the study is concentrated on 8256 repositories from the same cloud provider, across which 292538 security violations have been collected. Our contributions consist of: understanding on existing security vulnerabilities of cloud deployments, contributing a list of Top Guidelines for practitioners to follow to securely deploy systems in the cloud, and providing the raw data for further studies.
ER  -