API vulnerabilities in cloud computing platform: Attack and detection

Abstract

Nowadays most of cloud management software such as OpenStack and CloudStack provide an API to facilitate the communication and exchange of data between users, application, cloud components and infrastructure. Due to complexity of cloud management software implementation, the provided API has vulnerabilities which can be exploited by malicious party. Once exploited, it can cause security issue and disrupt the availability of services running on the cloud infrastructure. Hence; it is importance to address cloud API security by identifying potential threats, demonstrating how such threats could be exploited and how to detect such threat. This paper presents the topic of API Vulnerabilities in Cloud Computing Platform: Attack and Detection. We will discuss the vulnerabilities of the API in cloud management software. Based on these vulnerabilities, this paper will demonstrate how eavesdropping on cloud API authentication services and API exhaustion attack can be initiated. To address the threat due to the vulnerabilities of the API, we need to detect attack which exploits the vulnerabilities. Thus this paper also proposes and demonstrates methods to detect such attack effectively. Method to detect ongoing API exhaustion attack will be based on AD3 algorithm. From the experiments result, it shows that attacks on the cloud platform AP can be detected effectively.