A study of Oracle Cloud Infrastructure : Demonstration of the vulnerability or reliability of certain services through penetration attacks

Abstract: This thesis aims to assess the security of Oracle Cloud Infrastructure (OCI) through penetration testing of some of its services. Targeted at cloud, cybersecurity, governance, and compliance professionals as well as administrators or cyber enthusiasts in general, this research uncovers specific best practices to OCI. We employ a methodology in three steps published by Astra aimed at cloud services auditing, combining penetration testing techniques and thorough documentation review to evaluate the security posture of OCI services. The scope encompasses IAM and MySQL Managed Databases. We found that unproperly supervised ABAC policies could lead to privilege escalation through the tagging of computing resources and that the MySQL service does not present the major issues that occurred in the managed services of OCI’s main competitors. This research contributes to the growing body of knowledge on cloud security and offers practical recommendations to strengthen OCI deployments, ultimately fostering greater confidence in adopting OCI services.