Skip to main content
SpringerLink
Log in

Angriffe gegen Cloud Computing

  • Chapter
  • First Online:
Daten- und Identitätsschutz in Cloud Computing, E-Government und E-Commerce

  • 7107 Accesses

Zusammenfassung

Der Begriff „Cloud Computing “ wurde geprägt als eine zwar nicht scharfe, aber dennoch technisch fundierte Beschreibung verschiedener neuer Outsourcing-Technologien. Mittlerweile ist daraus ein reiner Marketingbegriff geworden, der auf alle möglichen Arten von Webanwendungen, insbesondere auf Web Storage, angewandt wird. Es ist daher zunächst eine Begriffsklärung erforderlich.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 49.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Grance und Mell 2009.

  2. 2.

    http://aws.amazon.com/de/.

  3. 3.

    Eucalyptus, http://open.eucalyptus.com/.

  4. 4.

    http://www.microsoft.com/germany/business/cloudservices/.

  5. 5.

    Sempolinski und Thain 2010.

  6. 6.

    Ristenpart et al. 2009, S. 199.

  7. 7.

    Bugiel et al. 2011, S. 389.

  8. 8.

    http://code.google.com/p/browsersec/wiki/Main.

  9. 9.

    http://eisabainyo.net/weblog/2009/04/06/iframe-injection-attack/.

  10. 10.

    http://www.owasp.org/index.php/Cross-site_Scripting_(XSS).

  11. 11.

    http://en.wikipedia.org/wiki/SQL_injection.

  12. 12.

    http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF).

  13. 13.

    https://freedom-to-tinker.com/blog/wzeller/popular-websites-vulnerable-cross-site-request-forgery-attacks/.

  14. 14.

    http://en.wikipedia.org/wiki/Representational_State_Transfer

  15. 15.

    http://www.w3.org.

  16. 16.

    http://www.w3.org/XML/1999/XML-in-10-points.html.

  17. 17.

    James Clark: XSL Transformations (XSLT) Version 1.0., http://www.w3.org/TR/xslt.

  18. 18.

    Bradley W. Hill: Command Injection in XML Signatures and Encryption. http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf

  19. 19.

    David C. Fallside, Priscilla Walmsley:XML Schema Part 0: Primer Second Edition. http://www.w3.org/TR/2004/REC-xmlschema-0-20041028/.

  20. 20.

    Roberto Chinnici, Jean-Jacques Moreau, Arthur Ryman, Sanjiva Weerawarana: Web Services Description Language (WSDL) Version 2.0 Part 1: Core Language. http://www.w3.org/TR/wsdl20/.

  21. 21.

    Donald Eastlake, Joseph Reagle, David Solo, Frederick Hirsch, Thomas Roessler: XML Signature Syntax and Processing (Second Edition). http://www.w3.org/TR/xmldsig-core/.

  22. 22.

    McIntosh und Austel 2005, S. 20.

  23. 23.

    Donald Eastlake, Joseph Reagle: XML Encryption Syntax and Processing. http://www.w3.org/TR/xmlenc-core/.

  24. 24.

    Jager und Somorovsky 2011.

  25. 25.

    Nilo Mitra, Yves Lafon: SOAP Version 1.2 Part 0: Primer (Second Edition). http://www.w3.org/TR/2007/REC-soap12-part0-20070427/.

  26. 26.

    http://msdn.microsoft.com/en-us/library/ms977312.aspx.

  27. 27.

    Anthony Nadalin, Chris Kaler, Ronald Monzillo, Phillip Hallam-Baker: Web Services Security: 4 SOAP Message Security 1.1, http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf.

  28. 28.

    Asir S. Vedamuthu, David Orchard, Frederick Hirsch, Maryann Hondo, Prasad Yendluri, Toufic Boubez, Ümit Yalçinalp: Web Services Policy 1.5– Framework, http://www.w3.org/TR/ws-policy/.

  29. 29.

    Anthony Nadalin, Marc Goodner, Martin Gudgin, Abbie Barbir, Hans Granqvist: WS-SecurityPolicy 1.2, http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/ws-securitypolicy-1.2-spec-cd-01.pdf.

  30. 30.

    Anthony Nadalin, Marc Goodner, Martin Gudgin, Abbie Barbir, Hans Granqvist: WS-Trust 1.3, http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.pdf.

  31. 31.

    http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsfed.

  32. 32.

    Anthony Nadalin, Marc Goodner, Martin Gudgin, Abbie Barbir, Hans Granqvist: WS-SecureConversation 1.3, http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.3/ws-secureconversation.pdf.

  33. 33.

    Gartner Consulting: Seven Cloud Computing Risks, http://www.infoworld.com/article/08/07/02/Gartner_Seven_cloudcomputing_security_risks_1.html.

  34. 34.

    Jensen et al. 2009

Literatur

  • Bugiel S, Nürnberger S, Pöppelmann T, Sadeghi AR, Schneider T (2011) AmazonIA: when elasticity snaps back. In: The 18th ACM conference on computer and communications security (CCS), S 389−400

    Google Scholar 

  • Grance T, Mell P (2009) The NIST definition of cloud computing, Version 1.5, October 7, 2009. http://csrc.nist.gov/groups/SNS/cloud-computing

  • Jager T, Somorovsky J (2011) How to break XML encryption. The 18th ACM conference on computer and communications security (CCS)

    Google Scholar 

  • Jensen M, Gruschka N, Lo Iacono L, Schwenk J (2009) On technical security issues in cloud computing. In: Proceedings of the IEEE international conference on cloud computing (CLOUD-II), Bangalore, India

    Google Scholar 

  • McIntosh M, Austel P (2005) XML signature element wrapping attacks and countermeasures—workshop on secure web services (SWS 2005). ACM Press, New York, S 20–27

    Google Scholar 

  • Ristenpart T, Savage S, Shacham H, Tromer E (2009) Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. The 16th ACM conference on computer and communications security (CCS), S 199−212

    Google Scholar 

  • Sempolinski P, Thain D (2010) A comparison and critique of eucalyptus, opennebula and nimbus. University of Notre Dame, USA

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Lehrstuhl für Netz- und Datensicherheit, Ruhr-Universität Bochum, Universitätsstraße 150, 44801, Bochum, Deutschland

    Prof. Dr. Jörg Schwenk

Authors
  1. Prof. Dr. Jörg Schwenk
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jörg Schwenk .

Editor information

Editors and Affiliations

  1. , Lehrstuhl für Bürgerliches Recht, Ruhr-Universität Bochum, Universitätsstraße 150, Bochum, 44801, Germany

    Georg Borges

  2. , Lehrstuhl für Netz- und Datensicherheit, Ruhr-Universität Bochum, Universitätsstraße 150, Bochum, 44801, Germany

    Jörg Schwenk

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Schwenk, J. (2012). Angriffe gegen Cloud Computing. In: Borges, G., Schwenk, J. (eds) Daten- und Identitätsschutz in Cloud Computing, E-Government und E-Commerce. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30102-5_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-30102-5_1

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30101-8

  • Online ISBN: 978-3-642-30102-5

  • eBook Packages: Humanities, Social Science (German Language)

Publish with us

Policies and ethics

Search

Navigation