Sharing is Caring: Towards Analyzing Attack Surfaces on Shared Hosting Providers - Prof. Dr. Norbert Pohlmann


J. Hörnemann, N. Pohlmann, T. Urban, Matteo Große-Kampmann: “Sharing is Caring: Towards Analyzing Attack Surfaces on Shared Hosting Providers”, GI-Sicherheit: Sicherheit, Schutz und Zuverlässigkeit. 2024

Towards Analyzing Attack Surfaces
Abstract: In this paper, we shed light on shared hosting services’ security and trust implications and measure their attack surfaces. To do so, we analyzed 30 shared hosters and found that all of them might leak relevant information, which could be abused unnoticed. An adversary could use this attack surface to covertly extract data from various third parties registered with a shared hoster.
Furthermore, we found that most hosters suffer from vulnerabilities that can be used by an internal attacker (i.e., someone using the service) to compromise other hosted services or the entire system.
Keywords: shared hosting; data leaks; cloud computing

1 Introduction
Shared hosting providers offer web services like storage, hosting, or data warehousing at affordable and competitive prices. Shared hosting vendors often advertise that they are suitable for small and medium-sized enterprises (SMEs) as an easy and affordable way to offer web services. Shared hosting is affordable because one shares the hosting hardware with other users.
In contrast to dedicated hosting, shared hosting provides the same computing and storage resources to different parties. This circumstance makes shared hosters a rich target for malicious actors because they might be able to intrude into not one but multiple entities at the same time. Shared hosting providers need to be aware of these risks and need to account for them accordingly (e.g., by implementing suitable security measures).
In this work, we focus on the technical security of shared hosting services. Based on 30 randomly selected hosters, we analyze if and to what extent an adversary could get access to the private data of other users or even take over (some) services on the server. To do so, we evaluate common security threats used for privilege escalation. When analyzing the shared hosting providers, we processed over 3.5 million log files, analyzed 219 SUID binaries, and found 4,319 usernames. Finally, we assess the deployed security mechanisms of three randomly sampled hosters in a case study.

In summary, we make the following contributions:
• We analyze real-world shared hosters and identify tactics adversaries could use to escalate their privileges or exfiltrate data from shared hosters.
• For 30 randomly sampled hosters, we check for potential vulnerabilities an adversary could abuse (e.g., based on the installed kernel version) or sensitive data the hosters might leak (e.g., usernames and passwords).
• In three case studies, we assess specific implemented security mechanisms, and find that these hosters expose valuable information adversaries can use to attack the system (e.g., endpoints of other users or installed software).
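
A hoster can audit its own systems for the artifact classes named above (SUID binaries, log files, other tenants' directories) before a tenant finds them. The following is an added example, not code from the paper; the allowlist, the `.log` suffix convention, the `/home` layout and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

SUID_ALLOWLIST = {"/usr/bin/passwd", "/usr/bin/su"}  # assumption: operator-reviewed SUID binaries

def classify(path, mode, home_root="/home"):
    """Return the finding types for one path, given its st_mode."""
    findings = []
    if stat.S_ISREG(mode) and mode & stat.S_ISUID and path not in SUID_ALLOWLIST:
        findings.append("unreviewed-suid")
    if stat.S_ISREG(mode) and path.endswith(".log") and mode & stat.S_IROTH:
        findings.append("world-readable-log")
    # A tenant home that "other" can list (r) or enter (x) exposes names or contents.
    is_home = stat.S_ISDIR(mode) and os.path.dirname(path) == home_root
    if is_home and mode & (stat.S_IROTH | stat.S_IXOTH):
        findings.append("home-open-to-other-tenants")
    return findings

def audit(root, home_root):
    """Walk root without following symlinks and collect (path, finding) pairs."""
    results = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # vanished or unreadable: skip, do not abort the audit
            results += [(path, f) for f in classify(path, mode, home_root)]
    return sorted(results)

def build_sample_tree(base):
    """Constructed layout: two tenants, one locked down and one left open."""
    home = os.path.join(base, "home")
    for tenant, dir_mode, log_mode in (("alice", 0o700, 0o600), ("bob", 0o755, 0o644)):
        logs = os.path.join(home, tenant, "logs")
        os.makedirs(logs)
        log = os.path.join(logs, "access.log")
        with open(log, "w") as fh:
            fh.write("constructed sample line\n")
        os.chmod(log, log_mode)
        os.chmod(os.path.join(home, tenant), dir_mode)
    return home

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for path, finding in audit(base, build_sample_tree(base)):
            print(finding, path)
```

On a real host, run `audit("/", "/home")` as root so that unreadable directories are not silently skipped, and extend the allowlist only after reviewing each binary.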



