On Man-In-The-Cloud (MITC) attacks: The analytical case of Linux

Abstract

Device synchronization is a new technology integrated into the cloud which has seen widespread implementation from major cloud vendors but has not been spared of attacks by MITC attacks directed towards cloud synchronization achieved via a myriad of attack vectors. These target the synchronization token which lacks authenticity validation of the token bearer. We explore MITC in Linux systems by partitioning the cloud into abstract layers and employing a conceptual finite state machine for system security modeling and attack trees for analysis. We further deduce MITC attack properties and contrast them against conventional attacks and thus recommend mitigation techniques.