Python
Aim:
To systematically analyze and identify security vulnerabilities in websites that allow users to upload files directly to cloud storage services, assess their real-world prevalence, and propose effective mitigation strategies to protect users, websites, and cloud infrastructure from potential abuse, data breaches, and operational disruptions.
Abstract:
With the growing reliance on cloud storage services for handling large volumes of user-generated data, a new paradigm has emerged where users directly upload files from their browsers to cloud platforms. While this approach improves efficiency and reduces server load, it introduces significant security challenges due to the complex interactions among web users, web servers, and cloud storage providers. This study presents the first systematic investigation into this scenario, uncovering six novel types of vulnerabilities, including issues related to upload credential misuse, file type/size restrictions, and callback spoofing. Analyzing 28 popular websites out of 182 that use cloud storage (among the top 500 Alexa-ranked sites), the study found that every one of them had at least one of the identified vulnerabilities, totaling 79 new issues. The findings highlight the critical need for better access control, credential management, and notification integrity. The paper concludes with practical mitigation techniques and responsible disclosures to affected websites, contributing valuable insights to future web security research and practices.
Proposed System:
In the proposed system, an enhancement is introduced to improve the security of direct user file uploads to cloud storage by integrating the VirusTotal API at the cloud server level. Unlike the existing system, where uploaded files are stored immediately after passing basic credential checks, the proposed approach adds an additional malware scanning step before finalizing the upload. When a user uploads a file using a temporary credential, the cloud server intercepts the file and sends it to VirusTotal for analysis. VirusTotal scans the file using multiple antivirus engines to detect potential threats such as malware, trojans, or viruses. Only if the file is verified as safe does the cloud server allow it to be stored or notify the web server of a successful upload. If the file is flagged as malicious, the upload is aborted, and the server is alerted. To improve performance and scalability, Spring Reactive WebFlux is used instead of the traditional MVC model, enabling non-blocking, asynchronous request handling and better real-time throughput under high-load conditions. This integration significantly enhances the security of cloud storage systems by preventing the storage and distribution of harmful content, while also improving responsiveness.
Advantages:
The proposed CloudVault system significantly improves security by introducing multiple layers of protection during direct file uploads to cloud storage. It incorporates VirusTotal API integration to scan files with multiple antivirus engines before allowing them to be stored, ensuring that only safe content is accepted. The use of OAuth 2.0 and JWT-based authentication enables secure, stateless user sessions, while scoped and time-limited credentials reduce the risk of misuse. The server performs strict validation of file types, sizes, and formats, preventing uploads that could exploit the system. Unlike the existing model, the server actively participates in the upload flow by intercepting files, enabling greater control, monitoring, and auditing. . By leveraging Spring WebFlux instead of MVC, the system handles concurrent users and file scans efficiently with non-blocking I/O, making it scalable and reactive. Additionally, users receive clear feedback on upload outcomes, enhancing transparency and trust.
Reviews
There are no reviews yet.