International Journal of Scientific & Engineering Research, Volume 6, Issue 4, April-2015 1854 ISSN 2229-5518 A Security Analysis of Amazon’s Elastic Compute Cloud Service Mr. N NIRANJAN RAO, Mr SREERAG P.S, Mr. SHRIHARI M.R Abstract— Cloud services such as Amazon’s Elastic Compute Cloud and IBM’s SmartCloud are quickly changing the way organiza- tions are dealing with IT infrastructures and are providing online services. Today, if an organization needs computing power, it can simply buy it online by instantiating a virtual server image on the cloud. Servers can be quickly launched and shut down via application programming interfaces, of- fering the user a greater flexibility compared to traditional server rooms. A popular approach in cloud-based services is to allow users to create and share virtual images with other users. In addition to these user-shared images, the cloud providers also often provide virtual images that have been pre-configured with popular software such as open source databases and web serv- ers.This paper explores the general security risks associated with using virtual server images from the public cata- logs of cloud service providers. In particular, we investigate in detail the security problems of public images that are avail- able on the Amazon EC2 service. We describe the design and implementation of an automated system that we used to instantiate and analyze the security of public AMIs on the Amazon EC2 platform, and provide detailed de- scriptions of the security tests that we performed on each image. Our findings demonstrate that both the users and the providers of public AMIs may be vulnerable to security risks such as unauthorized access, malware infections, and loss of sensi- tive information. The Amazon Web Services Security Team has acknowledged our findings, and has already taken steps to properly address all the security risks we present in this paper. Index Terms— Cloud Computing, Elastic Compute Cloud Service, Security, AMI, Amazon. —————————— —————————— 1 INTRODUCTION Cloud computing has changed the view on IT as a pre- servers, without the hassle of installing new software paid asset to a pay-as-you-go service. Several com- them- selves.Unfortunately, while the trust model be- panies such as AmazonIJSER Elastic Compute Cloud [7] tween the cloud user and the cloud provider is well- (EC2), Rackspace[9], IBM SmartCloud [12], Joyent Smart defined (i.e., the user can assume that cloud providers Data Center [14] or Ter- remark vCloud [10] are offering such as Amazon and Mi- crosoft are not malicious), the access to virtualized servers in their data centers on an trust relationship between the provider of the virtual hourly basis. Servers can be quickly launched and shut image and the cloud user is not as clear. In this paper, down via application program- ming interfaces, offer- we explore the general security risks asso- ciated ing the user a greater flexibility com- pared to tradi- with the use of virtual server images from the public tional server rooms. This paradigm shift is changing catalogs of a cloud service provider. In particular, we the existing IT infrastructures of organizations, al- low- fo- cus our investigation to the security problems of ing smaller companies that cannot afford a large infras- the public images available on the Amazon EC2 ser- tructure to create and maintain online services with vice. Over several months, we instantiated and ana- ease. lyzed over five thousands Linux and Windows images A popular approach in cloud-based services is to al- provided by the Amazon cata- log, checking for a low users to create and share virtual images with wide-range of security problems such as the prevalence other users. For example, a user who has created a of malware, the quantity of sensitive data left on such legacy Linux De- bian Sarge image may decide to images, and the privacy risks of sharing an image on make this image public so that other users can easily the cloud. In particular, we identified three main reuse it. In addition to user- shared images, the cloud threats related, re- spectively, to: 1) secure the image service provider may also provide customized public against external attacks, secure the image against a ma- images based on common needs of their customers licious image provider Sanitize the image to prevent (e.g., an Ubuntu web server image that has been pre- users from extracting and abusing private information configured with MySQL, PHP and an Apache). This left on the disk by the image provider. allows the customers to simply instantiate and startnew IJSER © 2015 http://www.ijser.org 1855 INTERNATIONAL JOURNAL OF SCIENTIFIC & ENGINEERING RESEARCH, VOLUME 6, ISSUE 4, APRIL-2015 ISSN 2229-5518 2) For example, in our experiments we identified report on the information campaigns that many images in which a user can use standard tools they have started. to un- delete files from the filesystem, and recover 1 Overview of Amazon EC2 important doc- uments including credentials and private keys. The Amazon Elastic Compute Cloud (EC2) is an Although public cloud server images are highly Infrastructure- as-a-Service cloud provider where useful for organizations, if users are not properly users can rent virtualized trained, the risk as- sociated with using these Servers (called instances) on an hourly base. In images can be quite high. The fact that these particular, each user is allowed to run any pre- machines come pre-installed and pre-configured installed virtual machine image (called Amazon may communicate the wrong message, i.e., that Machine Image, or AMI ) on this ser- vice. To simplify they can provide an easy-to-use shortcut for users the setup of a server, Amazon offers an online that do not have the skills to configure and setup a catalog where users can choose between a large num- complex server. The reality is quite different, and ber of AMIs that come pre-installed with common this paper demonstrates that many different security services such as web servers, web applications, and considerations must be taken into account to make databases. An AMI can be created from a live sure that a virtual image can be operated securely. system, a virtual machine image, or another AMI by During our study we had continuous contact copying the file system contents to the Amazon Simple with the Amazon Web Services Security Team. Even Storage Service (S3) in a process called bundling. though Amazon is not responsible of what users Public images may be available for free, or may be put into their images, the team has been prompt in associated with a product code that allows companies addressing the security risks identified and to bill an additional usage cost via the Amazon described in this paper. Meanwhile, it has pub- DevPay payment service. Thus, some of these public lished public bulletins and tutorials to train users machines are provided by companies, some are freely on how to use Amazon Machine Images (AMIs) in a shared by single individuals, and some are created secure way [29, 28]. A more detailed description of by the Amazon team itself. the Amazon feedback is provided in Section 6. In In order to start an image, the user has to select a summary, this paper makes the following resource configuration (differing in processing, contributions: memory, and IO per- formance), a set of credentials • We describe the design and implementation of that will be used for login, a firewall configuration an au- tomated system that is able to for inbound connections (called a se- curity group ), instantiate and IJSERanalyze the security of public and the region of the data center in which the AMIs on the Amazon EC2 plat- form. machine will be started. • We provide detailed descriptions of the When an AMI is instantiated, its public DNS address is announced via the Amazon API, and the security tests that we performed on public machine is made accessible via SSH on port 22 AMIs. (Linux) or Remote Desktop on port 3389 • We describe the results of our security tests that (Windows). An important aspect of this cloud demon- strate that both the users and the computing service is that the instance’s maintenance providers of public AMIs may be vulnerable to is com- pletely under the responsibility of the user. security risks such as unau- thorized access, That is, she is the one who can be held responsible malware infections, and loss of sensi- tive for any content provided by the machine, and she is information. the one who has to assure its se- curity. This • The Amazon Web Services Security Team has includes, for example, the usual administration tasks acknowl- edged and taken steps to address of maintaining the configuration in a secure state the issues we have identified. We discuss the (i.e., applying patches for vulnerable software, countermeasures that they have taken, and choosing the right passwords, and firewall configuration), and only allowing se- cure, ———————————————— encrypted communication protocols. N Niranjan Rao is currently pursuing BE degree program in Computer science & engineering in Visvesvaraya Technological University, India, 2 AMI Testing Methodology PH-08023419099. E-mail: [email protected] Sreerag P.S is currently pursuing BE degree program in Computer To conduct our security evaluation, we developed an Science& engineering in Visvesvaraya Technological University, India, auto- mated system to instantiate and test the PH-+918050609779. E-mail: [email protected] “mazon’s AMIs. The architecture of our system is highlighted in Fig. 1, and consists of three main IJSER © 2015 http://www.ijser.org 1856 INTERNATIONAL JOURNAL OF SCIENTIFIC & ENGINEERING RESEARCH, VOLUME 6, ISSUE 4, APRIL-2015 ISSN 2229-5518 Instanciate AMI Check Login AMIs Robot published the AMI.