on the battlefield with the dragons
play

On the battlefield with the Dragons the interesting and surprising - PowerPoint PPT Presentation

Dec 04, 2022 •793 likes •2.08k views

On the battlefield with the Dragons the interesting and surprising CTF challenges Mateusz "j00ru" Jurczyk, Gynvael Coldwind CONFidence 2014, Krakw Who Gynvael Coldwind o Dragon Sector Team Captain o http://gynvael.coldwind.pl/ o

  1. dosfun4you Last 5h: What we ended up using: ● LDT had a mirror entry for the Code Segment, but marked as writable Data Segment! ● We could overwrite the code. o E.g. a couple of functions with code that grabbed the flags and sent them over COM1 :) ● And then just trigger execution of these functions. Summary: really awesome task - unreal mode is interesting!

  2. curlcore Event: PlaidCTF 2014 Organizers: Plaid Parliament of Pwning Date: 11-13.04.2014 Category: Forensics Points: 250 (scale 100 - 500) Solved by: j00ru, valis

  3. curlcore • Three files provided: – capture (pcap file, network dump) – corefile (gdb core dump) – coremaps (process memory map) Background : curl was used to download a flag over HTTPS. You get the encrypted communication and a memory dump. Objective: decrypt the flag from communication.

  4. Initial recon • Session ID: 19ab5edc… • Cipher: AES256 (cbc mode)

  5. The valis way • Download OpenSSL sources and grep for “master key”, thus finding the following (ssl/t1_enc.c): #ifdef SSL_DEBUG fprintf(stderr, "Premaster Secret:\n"); BIO_dump_fp(stderr, ( char *)p, len); fprintf(stderr, "Client Random:\n"); BIO_dump_fp(stderr, ( char *)s->s3->client_random, SSL3_RANDOM_SIZE); fprintf(stderr, "Server Random:\n"); BIO_dump_fp(stderr, ( char *)s->s3->server_random, SSL3_RANDOM_SIZE); fprintf(stderr, "Master Secret:\n"); BIO_dump_fp(stderr, ( char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE); #endif

  6. The valis way • Recompile OpenSSL with debug messages on and reproduce the steps taken by the organizers. • Find the master key in his own memory dump and note where it was found in memory. • Look around the same memory areas in the CTF core dump, searching for a unique, high-entropy binary blob.

  7. The valis way

  8. The valis way • Create a key.txt file with both the session id and master key: RSA Session-ID:19ab5edc02f097d5074890e44b483a49b083b043682993f046a55f265f11b5f4 MasterKey:191E5042E6B31371AA65258E13B2DC714D984DF8D68FAD678FF0A2FC49476D65C3A161F7185 72C3F5DB8566A0DE89E58 • Feed Wireshark with the file, decrypt the communication and get flag.

  9. The valis way

  10. My way • The AES256 key and IV are derived from the Master Secret. • They are used to directly encrypt and decrypt data sent over SSL. • They are most likely high entropy. • They must be somewhere in the core dump. • After all, how many unique, high-entropy 16/32-byte long strings can there be in a 10MB memory dump?

  11. Maybe… ?

  12. My way • Simple heuristic used: extract all unique blobs with no byte more frequent than 3 instances. • 4636 possible keys • 7834 possible IV’s • 36 318 424 possible (key, IV) pairs • It’s possible to check all of them!

  13. My way for i in range(len(chunks_32)): print "%u of %u" % (i, len(chunks_32)) key = chunks_32[i] for j in range(len(chunks_16)): iv = chunks_16[j] cipher = AES.new(key, AES.MODE_CBC, iv) decrypted = cipher.decrypt(data) if "flag" in decrypted: print "[+] Key: %s, IV: %s" % (key.encode('hex'), iv.encode('hex')) print "[+] %s" % decrypted exit(1)

  14. My way 0 of 4636 1 of 4636 … 3649 of 4636 3650 of 4636 [+] Key: 68f946e9c1fd339eec04fc048e651ba7642ee8df2519aaf308ab567f7e4bc231, IV: dd8a1b3ef7bc515ad102abbfe2d305a3 [+] GET /flag.html HTTP/1.1 User-Agent: curl/7.32.0 Host: curlcore.local.plaidctf.com Accept: */* =?Wî/ Đľ° V ±“ oç ‡a

  15. Find da key Event: Olympic CTF Sochi 2014 Organizers: More Smoked Leet Chicken Date: 7-9.02.2014 Category: Steganography Points: 200 (scale 100 - 500) Solved by: j00ru

  16. The task U3RlZ2Fub2dyYXBoeSBpcyB0aGUgYXJ0IGFuZCBzY2llbmNlIG9m IHdyaXRpbmcgaGlkZGVuIG1lc3NhZ2VzIGluIHN1Y2ggYSB3YXkgdGhhdCBubyBvbmV= LCBhcGFydCBmcm9tIHRoZSBzZW5kZXIgYW5kIGludGVuZGVkIHJlY2lwaWVudCwgc3VzcGU= Y3RzIHRoZSBleGlzdGVuY2Ugb2YgdGhlIG1lc3M= YWdlLCBhIGZvcm0gb2Ygc2VjdXJpdHkgdGhyb3VnaCBvYnNjdXJpdHkuIFS= aGUgd29yZCBzdGVnYW5vZ3JhcGh5IGlzIG9mIEdyZWVrIG9yaWdpbiBhbmQgbWVhbnMgImNvbmNlYW== bGVkIHdyaXRpbmciIGZyb20gdGhlIEdyZWVrIHdvcmRzIHN0ZWdhbm9zIG1lYW5pbmcgImNv dmVyZWQgb3IgcHJvdGVjdGVkIiwgYW5kIGdyYXBoZWluIG1lYW5pbmcgInRvIHc= cml0ZSIuIFRoZSBmaXJzdCByZWNvcmRlZCB1c2Ugb2YgdGhlIHRlcm0gd2FzIGluIDE0OTkgYnkgSm9o YW5uZXMgVHJpdGhlbWl1cyBpbiBoaXMgU3RlZ2Fub2dyYXBoaWEsIGEgdHJlYV== dGlzZSBvbiBjcnlwdG9ncmFwaHkgYW5kIHN0ZWdhbm9ncmFwaHkgZGlzZ8== dWlzZWQgYXMgYSBib29rIG9uIG1hZ2ljLiBHZW5lcmFsbHksIG1lc3P= YWdlcyB3aWxsIGFwcGVhciB0byBiZSBzb21ldGhpbmcgZWxzZTogaW1hZ2VzLCBhcnRp Y2xlcywgc2hvcHBpbmcgbGlzdHMsIG9yIHNvbWUgb3R= aGVyIGNvdmVydGV4dCBhbmQsIGNsYXNzaWNhbGx5LCB0aGUgaGlkZGVuIG1lc3NhZ2UgbWF5IGJlIGluIGludmm= c2libGUgaW5rIGJldHdlZW4gdGhlIHZpc2libGUgbGluZXMgb2YgYSBwcml2YXRlIGxldHRlci4NCg0KVGhl IGFkdmFudGFnZSBvZiBzdGVnYW5vZ3JhcGh5LCBvdmVyIGNy eXB0b2dyYXBoeSBhbG9uZSwgaXMgdGhhdCBtZXNzYWdlcyBkbyBub3QgYXR0cmFjdCBhdHRlbnRpb25= IHRvIHRoZW1zZWx2ZXMuIFBsYWlubHkgdmlzaWJsZSBlbmNyeXB0ZWQgbWVzc2FnZXOXbm8gbWF0dGVyIF== aG93IHVuYnJlYWthYmxll3dpbGwgYXJvdXNlIHN= . . . .

  17. The task • 109 lines of base64-encoded data. • After decoding, contents of the “ Steganography ” entry at Wikipedia Steganography is the art and science of writing hidden messages in such a way that no one , apart from the sender and intended recipient, suspe cts the existence of the mess age, a form of security through obscurity. T he word steganography is of Greek origin and means "concea led writing" from the Greek words steganos meaning "co vered or protected", and graphein meaning "to w rite". The first recorded use of the term was in 1499 by Joh annes Trithemius in his Steganographia, a trea tise on cryptography and steganography disg uised as a book on magic. Generally, mess ages will appear to be something else: images, arti cles, shopping lists, or some ot

  18. Approach • Are there any differences between the decoded text and original Wikipedia entry?

  19. Approach • Are there any differences between the decoded text and original Wikipedia entry? NOPE

  20. Approach • Is there any meaningful data hidden in the way the chunks were split?

  21. Approach • Is there any meaningful data hidden in the way the chunks were split? We couldn’t find any…

  22. Approach • The only other place information can be found in legitimate base64-encoded is the base64 format itself. • In Steganography tasks, the flag can be typically hidden in three places: – Redundant data in file formats. NOPE  – Multiple ways to represent the same data. NOPE  – Information ignored by file format parsers. Hmm…

  23. How base64 works Source: Wikipedia

  24. What if… … or …

  25. base64 basics • Every base64 byte encodes 6 bits of data. – The number of encoded bits doesn’t have to be divisible by 8. – The extra 2 or 4 bits are just discarded and not put into the output stream. You can hide information there!

  26. The solution if line.count("=") == 2: sol += bin((ord(base64.b64decode(line[-4:-2] + "AA")[1]) & 0xf0) >> 4)[2:].rjust(4, "0") elif line.count("=") == 1: sol += bin((ord(base64.b64decode(line[-4:-1] + "A")[2]) & 0xc0) >> 6)[2:].rjust(2, "0") 010000100110000101110011011001010101111101110011011010010111100001110100 011110010101111101100110011011110111010101110010010111110111000001101111 011010010110111001110100010111110110011001101001011101100110010100000000 Base_sixty_four_point_five

  27. RANDOM TECHNIQUES

  28. The SSP leak • Stack Smashing Protector is a well-known mitigation against stack-based memory corruption (e.g. buffer overflow) – first introduced in gcc 2.7 as StackGuard – later known as ProPolice – finally reimplemented by RedHat, adding the – fstack-protector and – fstack-protector-all flags.

  29. SSP basics • Restructures the stack layout to place buffers at top of the stack. • Places a secret stack canary in function prologue. – checks canary consistency with a value saved in TLS at function exit.

  30. SSP basics – canary verification

  31. SSP basics – canary verification wait… what are those?

  32. __stack_chk_fail *** stack smashing detected ***: ./test_32 terminated ======= Backtrace: ========= /lib32/libc.so.6(__fortify_fail+0x50)[0xf75c8b70] /lib32/libc.so.6(+0xe2b1a)[0xf75c8b1a] ./test_32[0x8048550] /lib32/libc.so.6(__libc_start_main+0xe6)[0xf74fcca6] ./test_32[0x8048471] ======= Memory map: ======== 08048000-08049000 r-xp 00000000 08:01 23334379 /home/j00ru/ssp_test/test_32 08049000-0804a000 rw-p 00000000 08:01 23334379 /home/j00ru/ssp_test/test_32 09f20000-09f41000 rw-p 00000000 00:00 0 [heap] f74e5000-f74e6000 rw-p 00000000 00:00 0 […] f7760000-f7767000 rw-p 00000000 00:00 0 f7772000-f7774000 rw-p 00000000 00:00 0 f7774000-f7775000 r-xp 00000000 00:00 0 [vdso] f7775000-f7791000 r-xp 00000000 08:01 27131910 /lib32/ld-2.11.3.so f7791000-f7792000 r--p 0001b000 08:01 27131910 /lib32/ld-2.11.3.so f7792000-f7793000 rw-p 0001c000 08:01 27131910 /lib32/ld-2.11.3.so ff9bc000-ff9d1000 rw-p 00000000 00:00 0 [stack] Aborted

  33. __stack_chk_fail *** stack smashing detected ***: ./test_32 terminated ======= Backtrace: ========= /lib32/libc.so.6(__fortify_fail+0x50)[0xf75c8b70] /lib32/libc.so.6(+0xe2b1a)[0xf75c8b1a] ./test_32[0x8048550] /lib32/libc.so.6(__libc_start_main+0xe6)[0xf74fcca6] ./test_32[0x8048471] ======= Memory map: ======== 08048000-08049000 r-xp 00000000 08:01 23334379 /home/j00ru/ssp_test/test_32 08049000-0804a000 rw-p 00000000 08:01 23334379 /home/j00ru/ssp_test/test_32 09f20000-09f41000 rw-p 00000000 00:00 0 [heap] f74e5000-f74e6000 rw-p 00000000 00:00 0 […] f7760000-f7767000 rw-p 00000000 00:00 0 f7772000-f7774000 rw-p 00000000 00:00 0 f7774000-f7775000 r-xp 00000000 00:00 0 [vdso] f7775000-f7791000 r-xp 00000000 08:01 27131910 /lib32/ld-2.11.3.so f7791000-f7792000 r--p 0001b000 08:01 27131910 /lib32/ld-2.11.3.so f7792000-f7793000 rw-p 0001c000 08:01 27131910 /lib32/ld-2.11.3.so ff9bc000-ff9d1000 rw-p 00000000 00:00 0 [stack] Aborted

  34. __stack_chk_fail void __attribute__ ((noreturn)) __stack_chk_fail ( void ) { __fortify_fail ("stack smashing detected"); }

  35. fortify_fail void __attribute__ ((noreturn)) __fortify_fail (msg) const char *msg; { /* The loop is added only to keep gcc happy. */ while (1) __libc_message (2, "*** %s ***: %s terminated\n", msg, __libc_argv[0] ?: "<unknown>") } libc_hidden_def (__fortify_fail)

  36. The argv array is at the top of the stack!

  37. The argv array is at the top of the stack!

  38. We can overwrite it, too! $ ./test_32 `perl -e 'print "A"x199'` *** stack smashing detected ***: ./test_32 terminated $ ./test_32 `perl -e 'print "A"x200'` *** stack smashing detected ***: terminated $ ./test_32 `perl -e 'print "A"x201'` *** stack smashing detected ***: terminated $ ./test_32 `perl -e 'print "A"x202'` Segmentation fault

  39. Requirements • In case of remote exploitation, have stderr redirected to socket. – libc writes the debug information to STDERR_FILENO . – pretty common configuration in CTF. • Have a long stack buffer overflow in a SSP-protected function. – in order to reach argv[0] at the top of the stack. • Unlimited charset is a very nice bonus.

Recommend

CHINA FINE WINES &amp; DRAGONS HOLLOW A NEW WORLD WINE Dragons Hollow Vineyards

CHINA FINE WINES &amp; DRAGONS HOLLOW A NEW WORLD WINE Dragons Hollow Vineyards

CHINA FINE WINES &amp; DRAGONS HOLLOW A NEW WORLD WINE Dragons Hollow Vineyards . 3824 Cedar Springs Road #390 Dallas, Texas 075219-4136USA 7 Phone:

723 views • 45 slides
Music and Words by Stephen Eisenhauer At JDPS were dragons from now until the end. And this

Music and Words by Stephen Eisenhauer At JDPS were dragons from now until the end. And this

Music and Words by Stephen Eisenhauer At JDPS were dragons from now until the end. And this is how well welcome you to the dragons den: On Monday youll hear us roar. At JDPS were dragons from now until the end. And this is how

253 views • 9 slides
Soccer Club Coach Information Session July 2020 Agenda Introductions Why coach at the

Soccer Club Coach Information Session July 2020 Agenda Introductions Why coach at the

Gloucester Dragons Recreational Soccer Club Coach Information Session July 2020 Agenda Introductions Why coach at the Dragons? What does it take to become a Dragons coach? Advantages of being a Dragons coach Forms to complete

247 views • 23 slides
Dragons Apprentice Challenge BRINGING EDUCATION, BUSINESS AND NOT FOR PROFIT TOGETHER TO

Dragons Apprentice Challenge BRINGING EDUCATION, BUSINESS AND NOT FOR PROFIT TOGETHER TO

Dragons Apprentice Challenge BRINGING EDUCATION, BUSINESS AND NOT FOR PROFIT TOGETHER TO DEVELOP YOUNG MINDS The story so far... The Dragons Apprentice Challenge predominantly aimed at 16 &amp; 17 year olds has been in operation for 7

322 views • 9 slides
Train ined to Kil ill: Battlefield Part rticipation in in Kurdish Fig ighters Matthew

Train ined to Kil ill: Battlefield Part rticipation in in Kurdish Fig ighters Matthew

Train ined to Kil ill: Battlefield Part rticipation in in Kurdish Fig ighters Matthew Cancia ian Can US training improve the battlefield participation of our partners? Combat motivation: the reasons why soldiers under fire believe that

742 views • 71 slides
At least not in your neighbourhood So you wind up campaigning Against the occasional lizard.

At least not in your neighbourhood So you wind up campaigning Against the occasional lizard.

You leave school to go out and slay a dragon And save the world, But, alas, there are no dragons, At least not in your neighbourhood So you wind up campaigning Against the occasional lizard. Bring on the dragons! Dragon poem (page 56 Peak

489 views • 6 slides
WebAssembly WebAssembly Here Be Dragons JF Bastien Dan Gohman Google Mozilla @jfbastien

WebAssembly WebAssembly Here Be Dragons JF Bastien Dan Gohman Google Mozilla @jfbastien

WebAssembly WebAssembly Here Be Dragons JF Bastien Dan Gohman Google Mozilla @jfbastien @sunfishcode Presentation given at the 2015 LLVM Developers Meeting on October 29th in San Jose, California. JF narrates: WebAssembly is a tale

654 views • 17 slides
MEDICAL SUPPORT TO THE WARFIGHTER: FROM BATTLEFIELD TO TERTIARY CARE &amp; BEYOND Lt Gen (ret)

MEDICAL SUPPORT TO THE WARFIGHTER: FROM BATTLEFIELD TO TERTIARY CARE &amp; BEYOND Lt Gen (ret)

MEDICAL SUPPORT TO THE WARFIGHTER: FROM BATTLEFIELD TO TERTIARY CARE &amp; BEYOND Lt Gen (ret) Douglas J. Robb, DO, MPH Chicago College of Osteopathic Medicine 84 1 The why AGENDA 2 the Why Not 3 and always keeping

1.01k views • 69 slides
The Arts of Foresight, T echnology and Dragons: an inquiry into new narratives Dr David Haley

The Arts of Foresight, T echnology and Dragons: an inquiry into new narratives Dr David Haley

The Arts of Foresight, T echnology and Dragons: an inquiry into new narratives Dr David Haley HonFCIWEM FRSA Ecological Artist, Visiting Professor, Zhongyuan University of T echnology Dr Vincent Walsh Researcher, Architecture Department

353 views • 33 slides
soul Possibly non-existent constructs. See also: presence, identity, trust. dragons of eden

soul Possibly non-existent constructs. See also: presence, identity, trust. dragons of eden

soul Possibly non-existent constructs. See also: presence, identity, trust. dragons of eden Carl Sagan and Anne Druyan. Speculations on the Evolution of Human Intelligence. 5:30pm, April 10th, 1901: Duncan Macdougall. .75 ounces: 21 grams

676 views • 30 slides
Dancing with dragons: Chinese import penetration and the performances of manufacturing firms in

Dancing with dragons: Chinese import penetration and the performances of manufacturing firms in

Dancing with dragons: Chinese import penetration and the performances of manufacturing firms in South Africa Sofia Torreggiani a Antonio Andreoni a , b a SOAS University of London, Department of Economics b University of Johannesburg, SARChID

450 views • 27 slides
Dragons Big Data &amp; Intelligent Transportation Systems Valerie Shuman Principal Shuman

Dragons Big Data &amp; Intelligent Transportation Systems Valerie Shuman Principal Shuman

Here Be Dragons Big Data &amp; Intelligent Transportation Systems Valerie Shuman Principal Shuman Consulting Group, LLC http://blog.oak-tree.us/wp-content/uploads/2010/08/SerpentsandDragons.jpg Cars produce 25 GB/Hour 1.67 Pb/Year BIG

328 views • 10 slides
National Park Service American Battlefield Protection Program Programmatic Agreement Fiscal Year

National Park Service American Battlefield Protection Program Programmatic Agreement Fiscal Year

National Park Service American Battlefield Protection Program Programmatic Agreement Fiscal Year 2019 Annual Meeting The National Park Service U.S. Department of the Interior American Battlefield Protection Program June 2, 2020 Nat

545 views • 33 slides
DUNGEONS &amp; DRAGONS As a Drupal project Hacking and slashing our way through real-world

DUNGEONS &amp; DRAGONS As a Drupal project Hacking and slashing our way through real-world

DUNGEONS &amp; DRAGONS As a Drupal project Hacking and slashing our way through real-world content management problems Exploring New Technology With Familiar Problems C/C++ JavaScript and jQuery Perl Drupal 6, 7, 8, Field

500 views • 37 slides
Topic 13 Recursive Backtracking &quot;In ancient times, before computers were invented,

Topic 13 Recursive Backtracking &quot;In ancient times, before computers were invented,

Topic 13 Recursive Backtracking &quot;In ancient times, before computers were invented, alchemists studied the mystical properties of numbers. Lacking computers, they had to rely on dragons to do their work for them. The dragons were clever

556 views • 55 slides
Ra Ray-Trace Traced d Re Refl flect ctio ions ns in in Battlefield V Johannes

Ra Ray-Trace Traced d Re Refl flect ctio ions ns in in Battlefield V Johannes

It Just Works: Ra Ray-Trace Traced d Re Refl flect ctio ions ns in in Battlefield V Johannes Deligiannis Jan Schmid EA DICE *PL ACEHOL DER* * PLAY GAMESCOM TRAILER OR SIMILAR * TODAY we present Raytracing Project

1.1k views • 87 slides
Welcome to Saab Sensor seminar Using sensors to locate threats an advantage on the battlefield

Welcome to Saab Sensor seminar Using sensors to locate threats an advantage on the battlefield

Welcome to Saab Sensor seminar Using sensors to locate threats an advantage on the battlefield COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED Your Name | Document Identification | Issue 1 Anders Carp Head of Business Area

679 views • 47 slides
Here be dragons Things we didnt cover in depth... int triangle(int a, int b, int c) { if (a

Here be dragons Things we didnt cover in depth... int triangle(int a, int b, int c) { if (a

Here be dragons Things we didnt cover in depth... int triangle(int a, int b, int c) { if (a &lt;= 0 || b &lt;= 0 || c &lt;= 0) { return 4; // invalid } if (! (a + b &gt; c &amp;&amp; a + c &gt; b &amp;&amp; b + c &gt; a)) { a &gt; c - b a

721 views • 33 slides
hic sunt dracones . here be dragons! Genetic and phenotypic architecture of complex traits

hic sunt dracones . here be dragons! Genetic and phenotypic architecture of complex traits

hic sunt dracones . here be dragons! Genetic and phenotypic architecture of complex traits Number of genes Dominance effects Genetic (mutational) load g Expressivity, pleiotropy, plasticity Interactions gene/gene, gene/environment

757 views • 48 slides
The Role of Medical Care in the Civil War: The Hospital and the Battlefield An Online

The Role of Medical Care in the Civil War: The Hospital and the Battlefield An Online

The Role of Medical Care in the Civil War: The Hospital and the Battlefield An Online Professional Development Seminar We will begin promptly on the hour. The silence you hear is normal. If you do not hear anything when the images change,

419 views • 27 slides
MURI: Training Knowledge and Skills for the Networked Battlefield ARO Award No. W911NF-05-1-0153

MURI: Training Knowledge and Skills for the Networked Battlefield ARO Award No. W911NF-05-1-0153

MURI: Training Knowledge and Skills for the Networked Battlefield ARO Award No. W911NF-05-1-0153 Annual Report, 9/12/08-8/14/09 Alice Healy and Lyle Bourne, Principal Investigators Benjamin Clegg, Bengt Fornberg, Cleotilde Gonzalez, Eric

743 views • 51 slides
Customer Experience as the next decade competitive battlefield Kaspar Roos Director of

Customer Experience as the next decade competitive battlefield Kaspar Roos Director of

Customer Experience as the next decade competitive battlefield Kaspar Roos Director of InfoTrends Customer Engagement Technology Advisory Service June, 2015 1 Agenda 1. Introduction 2. Customer Communications State of the Market 3.

437 views • 33 slides
System: Battlefield Acupuncture and Beyond Chester Trip Buckenmaier III, MD COL (ret), MC,

System: Battlefield Acupuncture and Beyond Chester Trip Buckenmaier III, MD COL (ret), MC,

Introduction of Acupuncture to the Military Health System: Battlefield Acupuncture and Beyond Chester Trip Buckenmaier III, MD COL (ret), MC, USA Director, DVCIPM Oct 2019 COL (ret) Chester Buckenmaier III, MD (301)400-4228)

766 views • 31 slides
Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz

Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz

Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz 1 Toni Masteli 2 Sebastian Pape 3 Wolter Pieters 4 Trajce Dimkov 5 1 IBM Research - Zurich 2 Vienna University of Technology 3 TU Dortmund 4 TU

683 views • 46 slides

More recommend