NCI WEBSITE
NORMA eResearch @NCI Library

Data Exposure Analysis of Misconfigured S3 Buckets: A Quantitative Approach

Tools

Onyia, Franklin Ebuka (2023) Data Exposure Analysis of Misconfigured S3 Buckets: A Quantitative Approach. Masters thesis, Dublin, National College of Ireland.

[thumbnail of Master of Science]
Preview
 PDF (Master of Science)
Download (1MB) | Preview
[thumbnail of Configuration Manual]
Preview
 PDF (Configuration Manual)
Download (549kB) | Preview

Abstract

This research paper evaluates the risk of exposure of AWS S3 bucket as regards to poor configuration of its security setting. Collection of datasets (exposed AWS S3 Buckets) were done using Grayhat Warfare API, with focus on AWS S3 Bucket. This was followed by data cleaning and transformation using Python Pandas library. Visualization tools were utilized for data interpretation, while statistical methods were used to analyse the content type and exposure duration. Correlation, regression analysis, as well as heatmaps generation were done using Scikit-learn. Study, made sure it followed ethical standards by ensuring data accuracy and confidentiality. The study also focused on the general trends rather than datapoints. Our findings showed that insecure buckets are numerous and remain a serious problem if close attention is not paid towards it. It also showed that many of the S3 Buckets held sensitive files of which greater quantity are “PDF” files that were left unsecured due to negligence. It further showed that many data were exposed for many days, while some of the files remained unchanged for thousands of days with regards to the data from the “last modified” date analysis. In addition, files size analysis with respect to time of exposure, showed that large files are not necessarily at risky when exposed over a long period of time, taken from the low negative correlation result between the file size and the exposure time analysis. However, this study reveals the need for improvement in cloud storage security. Development of automatic tools or software for the identification and resolution of misconfigurations in cloud-based storage and the exploration of machine learning for predicting risk analysis is recommended for future work of this research work. Also, Businesses would thrive in this era of cloud technology growth if advanced cloud security solutions are built.

Item Type: Thesis (Masters)
Supervisors:
Name
Email
Haque, Rejwanul
UNSPECIFIED
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Cloud computing
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cloud Computing
Depositing User: Ciara O'Brien
Date Deposited: 09 Apr 2025 14:12
Last Modified: 09 Apr 2025 14:12
URI: https://norma.ncirl.ie/id/eprint/7398

Actions (login required)

View Item View Item