Flux Research Group / School of Computing

Potassium: Penetration Testing as a Service

Cai (Richard) Li, Dallin Abendroth, Xing Lin, Yuankai (Kyle) Guo, Hyun-wook Baek, Eric Eide, Robert Ricci, and Jacobus (Kobus) Van der Merwe

6th ACM Symposium on Cloud Computing (SoCC) 2015.

DOI: 10.1145/2806777.2806935

areas
Networking, Security, Virtualization, Software Testing, Cloud

abstract

Penetration testing—the process of probing a deployed system for security vulnerabilities—involves a fundamental tension. If one tests a production system, there is a real danger of collateral damage; this is particularly true for systems hosted in the cloud due to the presence of other tenants. If one tests against a separate system brought up to model the live one, the dynamic state of the production system is not captured, and the value of the test is reduced. This paper presents Potassium, which provides penetration testing as a service (PTaaS) and resolves this tension for system owners, penetration testers, and cloud providers. Potassium uses techniques originally developed for live migration of virtual machines to clone them instead, capturing their full disk, memory, and network state. Potassium isolates the cloned system from the rest of the cloud, providing confidence that side effects of the penetration test will not harm other tenants. The penetration tester effectively owns the cloned system, allowing testing to be more thorough, efficient, and automatable. Experiments with our Potassium prototype show that PTaaS can detect real-world vulnerabilities while having minimal impact on cloud-based production systems.