Signed URL for an Isolated Web Server in a Virtual Laboratory
December 2017
Pages 218 - 222
Abstract
A Virtual laboratory system with high requirements learning units, is struggling in serving a large number of users, because the available hardware resources are limited. One way to increase the scalability is by involving the user on-premise machine as a part of a virtual laboratory. The user on-premise machine replaces a machine in a virtual laboratory. This cannot be done in every learning unit scenario, because the virtual laboratory is isolated and must be kept isolated and secured. In a virtual laboratory for Internet Security e-Learning, a machine that can be replaced by the user on-premise machine is an attacking machine. In this research, we focus on a web based application attack that uses an Internet browser as a tool to do the attack. We propose an approach that can provide a secured access to the web server inside an isolated virtual laboratory, using a signed uniform resource locator (URL) and a reverse proxy. We develop a reverse proxy that able to verify a signed URL, run a shell script and forward the web request to the designated isolated web server.
References
[1]
C. Willems and C. Meinel. Practical Network Security Teaching in an Online Virtual Laboratory. In Proceedings of the 2011 International Conference on Security and Management (SAM 2011), p. 65--71, Las Vegas, USA, 2011.
[2]
D. Moritz, C. Willems, M. Goderbauer, P. Moeller, & C. Meinel. (2013, August). Enhancing a virtual security lab with a private cloud framework. In Teaching, Assessment and Learning for Engineering (TALE), 2013 IEEE International Conference on (pp. 314--320). IEEE.
[3]
K. Amorin, L. AlAufi. CloudWhip: A Tool for Provisioning Cyber Security Labs in the Amazon Cloud. Security and Management (SAM), 2014. - world-comp.org.
[4]
J. Sianipar, C. Willems, C. Meinel. (2016). "A Containerbased Virtual Laboratory for Internet Security e-Learning". International Journal of Learning and Teaching. IJLT. Vol. 2, No. 2, December 2016.
[5]
J. Hu, M. Schmitt, C. Willems, and C. Meinel. "A tutoring system for IT-Security", in Proceedings of the 3rd World Conference in Information Security Education, p. 51--60, Monterey, USA, 2003.
[6]
J. Hu and C. Meinel. "Tele-Lab IT-Security on CD: Portable, reliable and safe IT security training", Computers & Security, 23:282--289,2004.
[7]
J. Hu, D. Cordel, and C. Meinel. "A Virtual Machine Architecture for Creating IT-Security Laboratories", Technical report, Hasso-Plattner-Insitut, 2006.
[8]
C. Willems and C. Meinel. "Tele-Lab IT-Security: an Architecture for an online virtual IT Security Lab", International Journal of Online Engineering (iJOE), X, 2008.
[9]
C. Willems, T. Klingbeil, L. Radvilavicius, A. Cenys, and C. Meinel. 2011. A distributed virtual laboratory architecture for cybersecurity training, In Proc. of the 6th International Conference on Internet Technology and Secured Transactions, 2011, pp. 408--415.
[10]
J. Sianipar, C. Willems, C. Meinel. (2016). "Crowdsourcing Virtual Laboratory Architecture on Hybrid Cloud". INTED2016 Proceedings, pp. 2940--2949.
[11]
Temporary URL, https://docs.openstack.org/juno/configreference/content/object-storage-tempurl.html, 15 September 2017.
[12]
Signed URL, https://cloud.google.com/storage/docs/accesscontrol/create-signed-urls-program, 15 September 2017.
[13]
Pre-Signed URL, http://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html, 15 September 2017.
[14]
SAS, https://docs.microsoft.com/enus/ azure/storage/common/storage-dotnet-shared-accesssignature-part-1, 15 September 2017
[15]
Graupner, H., Torkura, K., Berger, P., Schnjakin, M. & Meinel, C. (2015 ). Secure Access Control for Multi-Cloud Resources. Proceedings of the 40th IEEE Conference on Local Computer Networks (LCN), IEEE.
[16]
E. Saleh, Ibrahim Takouna, and Christoph Meinel: SignedQuery: Protecting Users Data in Multi-tenant SaaS Environments. IEEE ICACCI, Mysore, India, 2013.
[17]
Reverse Proxy, http://httpd.apache.org/docs/2.0/mod/mod proxy.html#forwardreverse, 15 September 2017.
[18]
P. Wurzinger, C. Platzer, C. Ludl, E. Krida, and C. Kruegel, SWAP: Mitigating XSS Attacks using a Reverse Proxy, Proc. of the SESS, Vancouver, May 2009, pp. 33--39
[19]
C. H. Lin, J. C. Liu, & C. C. Lien, Detection method based on reverse proxy against web flooding attacks. In Intelligent Systems Design and Applications, 2008. ISDA-08. Eighth International Conference on (Vol. 3, pp. 281--284). IEEE.
[20]
F. Valeur, G. Vigna, C. Kruegel and E. Kirda, An anomalydriven reverse proxy for web applications, in: Proceedings of the ACM Symposium on Applied Computing (SAC), Dijon, France, April 2006.
Index Terms
- Signed URL for an Isolated Web Server in a Virtual Laboratory
Recommendations
Team Placement in Crowd-Resourcing Virtual Laboratory for IT Security e-Learning
ICCBDC '17: Proceedings of the 2017 International Conference on Cloud and Big Data ComputingA crowd-resourcing virtual laboratory is a virtual laboratory in which some of the resources are obtained from the crowd. The virtual laboratory is for IT Security e-Learning, where a trainee needs an isolated laboratory environment to do the practical ...
Virtual Machine Integration & Fault Recovery in Crowd-Resourcing Virtual Laboratory
ICCCM '19: Proceedings of the 7th International Conference on Computer and Communications ManagementCrowd-Resourcing virtual laboratory (CRVL) uses some resources which were shared by the crowd as the contributors to run virtual laboratory exercises. The shared resource is in the form of a virtual machine (VM) that must be automatically integrated ...
Enabling Instantaneous Relocation of Virtual Machines with a Lightweight VMM Extension
CCGRID '10: Proceedings of the 2010 10th IEEE/ACM International Conference on Cluster, Cloud and Grid ComputingWe are developing an efficient resource management system with aggressive virtual machine (VM) relocation among physical nodes in a data center. Existing live migration technology, however, requires a long time to change the execution host of a VM, it ...
Comments
Information & Contributors
Information
Published In
December 2017
270 pages
ISBN:9781450354356
DOI:10.1145/3175536
Copyright © 2017 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 20 December 2017
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ICETC 2017
ICETC 2017: 2017 9th International Conference on Education Technology and Computers
December 20 - 22, 2017
Barcelona, Spain
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 60Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Other Metrics
Citations
Cited By
View allView Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in