Published: Sep 22, 2021
The following paper has been accepted at the IEEE International Conference on Smart Data Services (SMDS 2021):
- Title: Assessing the Effectiveness of the Shared Responsibility Model for Cloud Databases: the Case of Google's Firebase
- Authors: Biniam Fisseha Demissie, Silvio Ranise
- Abstract: Migrating databases to the cloud requires the adoption of the shared responsibility model for protecting data. The database-as-a-service provider secures the database from different kinds of attacks while the developer defines the access control policy to prevent unauthorized access. Recent reports show that developers fail to properly secure their cloud databases leading to sensitive data leaks. In this paper, we investigate the prevalence of the access control misconfigurations in 50K+ top Android apps that use one of the most popular cloud database services, namely Firebase. Overall, we found 763 apps (1 billion downloads) with public databases and 536 apps (630 million downloads) with world-writable databases. Considering the popularity of these apps and the cross-platform nature of Firebase databases, our findings reveal a worrying state in the adoption of the shared responsibility model for the security of cloud databases. To assist developers, we make our prototype tool publicly available as an Android Studio plugin. The plugin performs static analysis to automatically extract Firebase database information from the app under development and checks its configuration status.
The paper was presented by Biniam Fisseha Demissie on Thursday, September 9, 2021, at 20:00.
The pre-print version of the paper can be found here.
About the conference
- Name: IEEE International Conference on Smart Data Services (SMDS 2021)
- Date: from September 05, 2021 to September 11, 2021
- Location: Virtual Event
- Website: https://conferences.computer.org/smds/2021/