Machine image sniping is a difficult-to-detect security vulnerability in cloud computing code. When programmatically initializing a machine, a developer must specify which machine image (operating system and file system) to use as the basis for the new machine. The developer should restrict the search to only those machine images which their organization controls: otherwise, an attacker can insert a similar but malicious image into the public database, where it might be selected instead of the image intended by the developer when initializing a new machine. We present a lightweight type and effect system that detects requests to a cloud provider that are vulnerable to an image sniping attack, or proves that no vulnerable request exists in a codebase. We prototyped our type system for Java programs that request Amazon Web Services machines, and evaluated it on more than 500 codebases, detecting 12 vulnerable requests with only 3 false positives.

I’m a Ph.D. student at the University of Washington Paul G. Allen School of Computer Science & Engineering. I work in the PLSE group on lightweight software verification. My advisor is Mike Ernst.

My current work is focused on building type systems on top of the Checker Framework to solve practical problems in software engineering.