Vulnerability Seen in Amazon's Cloud-Computing

(Page 2 of 2)

  • Friday, October 23, 2009
  • By David Talbot

In other words, one of the key benefits of cloud computing--the ability to instantly expand or contract computational capacity as required--in this case also opens a crucial vulnerability.

Once the researchers achieved such co-residence on Amazon's infrastructure, they were able, by monitoring the ebb and flow of the shared server's processing speed and other factors, to learn indirectly what kinds of computing resources a would-be victim uses and when he uses them--often crucial clues to the victim's activities.

"I might find out all kinds of business intelligence with things that these 'side-channels' might leak," says Radu Sion, a computer scientist at Stony Brook University who is chairing a cloud security workshop at an upcoming conference at which the paper will be presented. A flurry of heavy computational activity by a company running financial trading models, for example, could provide clues to a pending market movement. Concurrent high levels of activity between two brokers could suggest a pending transaction.

While the researchers said that actual theft of data is possible, they did not demonstrate it. "Stealing encryption keys isn't something we have demonstrated in this context yet, but we have demonstrated that the underlying side-channels are capable of that," says Tromer.

It may even be possible to detect the victim's passwords through a so-called keystroke attack, Tromer says. Earlier research has demonstrated that analyzing the timing of keystrokes can reveal which letters have been struck on a keyboard. The current paper adapted that insight to suggest that small spikes in activity from a victim's previously idle virtual machine can reveal a person typing a password. Measuring subtle load changes gives the attacker the timing of the keystrokes and thus, potentially, the password. Note what the load trace actually yields: the intervals between keystrokes, not the characters themselves; turning those intervals into candidate characters requires the kind of typing-statistics model the earlier keystroke-timing work relied on.
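The load-based inference described in the two paragraphs above (learning when a co-resident victim is busy, and sharpening that into keystroke timing) is illustrated by the following added example. It is not code from the paper or from the researchers. It assumes an attacker VM that runs a fixed unit of work every 5 ms and records how long each iteration takes, that each victim keystroke costs roughly 15 ms of CPU on the shared host, and that victim activity slows the probe by about 0.5 ms; the probe trace is synthetic, constructed inside the script, so no real co-residence measurement takes place. The detection step is the part a practitioner would reuse: a robust idle baseline (median plus a multiple of the median absolute deviation), then merging of consecutive slow samples into bursts.

```python
"""
Added example (not from the paper or the article): inferring a co-resident
victim's activity from a load-probe trace.

The attacker VM runs a fixed unit of work in a loop and records how long each
iteration takes. When the victim on the same physical host becomes active,
the probe's iterations slow down. From the resulting time series we
(1) estimate the idle baseline robustly, (2) flag samples that are
significantly slower, (3) merge runs of flagged samples into bursts, and
(4) return the burst start times and the intervals between them, i.e. the
inter-keystroke intervals that keystroke-timing attacks work from.
A coarser per-bucket activity profile covers the workload-inference case.

Every number below (5 ms probe period, 15 ms of victim CPU per keystroke,
0.5 ms slowdown) is an assumption made for this example; the trace is
constructed, not measured.
"""
import random
import statistics
from dataclasses import dataclass

SAMPLE_PERIOD_MS = 5.0  # assumed: one probe iteration every 5 ms


@dataclass
class Burst:
    start_ms: float
    end_ms: float


def synthetic_probe_trace(keystroke_times_ms, duration_ms=2000.0, seed=1):
    """Constructed probe trace: a list of (timestamp_ms, probe_duration_ms).

    Idle iterations take ~1.00 ms with small jitter; while the victim is busy
    (assumed ~15 ms of CPU per keystroke) they take ~0.5 ms longer.
    """
    rng = random.Random(seed)
    trace = []
    t = 0.0
    while t < duration_ms:
        busy = any(k <= t < k + 15.0 for k in keystroke_times_ms)
        d = 1.0 + rng.uniform(-0.03, 0.03) + (0.5 if busy else 0.0)
        trace.append((t, d))
        t += SAMPLE_PERIOD_MS
    return trace


def busy_threshold(trace, k=8.0):
    """Robust baseline: median + k * MAD of the probe durations. The median
    and MAD are barely moved by the minority of slow (victim-busy) samples."""
    durations = [d for _, d in trace]
    med = statistics.median(durations)
    mad = statistics.median(abs(d - med) for d in durations) or 1e-9
    return med + k * mad


def detect_bursts(trace, k=8.0, min_samples=2):
    """Flag samples slower than the threshold, then merge consecutive flagged
    samples into bursts. Runs shorter than min_samples are treated as noise."""
    threshold = busy_threshold(trace, k)
    bursts, run = [], []
    for t, d in trace:
        if d > threshold:
            run.append(t)
        elif run:
            if len(run) >= min_samples:
                bursts.append(Burst(run[0], run[-1] + SAMPLE_PERIOD_MS))
            run = []
    if len(run) >= min_samples:  # flush a burst that ends at the trace end
        bursts.append(Burst(run[0], run[-1] + SAMPLE_PERIOD_MS))
    return bursts


def inter_burst_intervals_ms(bursts):
    """Inter-keystroke intervals: the raw material of a timing attack."""
    return [b.start_ms - a.start_ms for a, b in zip(bursts, bursts[1:])]


def activity_profile(trace, bucket_ms=250.0, k=8.0):
    """Coarser view: for each time bucket, the fraction of probe samples during
    which the victim appeared busy. Returns a list of (bucket_start_ms, frac)."""
    threshold = busy_threshold(trace, k)
    busy, total = {}, {}
    for t, d in trace:
        b = int(t // bucket_ms)
        total[b] = total.get(b, 0) + 1
        busy[b] = busy.get(b, 0) + (1 if d > threshold else 0)
    return [(b * bucket_ms, busy[b] / total[b]) for b in sorted(total)]


if __name__ == "__main__":
    # Constructed scenario: six keystrokes at these offsets (ms).
    trace = synthetic_probe_trace([100.0, 240.0, 330.0, 510.0, 700.0, 820.0])
    bursts = detect_bursts(trace)
    print("burst starts:", [b.start_ms for b in bursts])
    print("intervals:", inter_burst_intervals_ms(bursts))
    print("profile:", activity_profile(trace))
```

On real hardware the signal is far noisier than this constructed trace: other tenants, the hypervisor scheduler and cache contention all perturb the probe, and the thresholding step has to be recalibrated against the observed idle distribution rather than fixed in advance. That gap between a controlled trace and a live host is precisely the objection Amazon raises further down the page.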

The approach could also be used to perform much cruder attacks. If an attacker sits on the same server as his victim, a conventional denial-of-service attack becomes possible simply by ramping up his own resource usage all at once.

In a statement, Amazon spokesperson Kay Kinton said Amazon has "rolled out safeguards that prevent potential attackers from using the cartography techniques described in the paper." She added that for security reasons, Amazon could not disclose the details. However, Tromer says that the only full solution available today would be to give customers the option to avoid sharing physical servers with other customers. Creating unbreachable virtual walls between virtual machines that sit on the same server remains "an open research problem that we, and others, are working on," he says.

Amazon's statement also calls the side-channel method implausible. "The side channel techniques presented are based on testing results from a carefully controlled lab environment with configurations that do not match the actual Amazon EC2 environment. As the researchers point out, there are a number of factors that would make such an attack significantly more difficult in practice."

Amazon also said it had tightened its access-credential procedures, though this is not directly relevant to the new paper. Rackspace did not return requests for comment made yesterday afternoon.

Comments

zaharia1010 (10/26/2009)

EC2 vs Microsoft Azure

Hello,

My position regarding this is:
1. bad news - for Cloud Computing: a cloud technology – pretty well validated until now – is vulnerable to attacks; this will generally affect all cloud tendencies
2. (partially) good news - for Microsoft: MS has Azure as a fabric (the VM is not directly accessible, at least not at this moment); that means that an isolation tier separates the physical machine and the virtual ones from the application tier. The result is much less vulnerability to such types of attacks.

I think MS should rapidly respond to this by emphasizing its technology's specificity. It may be the moment for them to take advantage of the situation.


Considine (10/28/2009)

Risks in Cloud Computing

In many ways this story is overstating the actual risks of the cloud. The vulnerabilities discussed in the research require that the attacker achieve server co-location with the victim. This research depends on having known and public addresses for the victim machines in the cloud and either decoding the addresses or attempting to correlate activity to determine if the attacker is co-resident on the same physical hardware.

One of the big assumptions being made is that the cloud is used primarily as a public (web) service. While this is certainly a good use for cloud computing, it's only one of the uses, and as enterprises move into the cloud, they are looking at putting a lot more than just web servers out there. Further, if the cloud is used for “running trading models,” it is unlikely to be configured for public access, so there will be no known public addresses, and no way to generate a load to decipher location. Without this information, a potential attacker is just out there wandering around in a lot of virtual machines. A recent estimate shows that up to 50,000 virtual machines are started every day in Amazon’s EC2 – many short-lived, but still a lot of machines to sort through, and a lot of work to obtain data of questionable value. Significant work and processing have to be added to even begin using this data for a cryptographic breach. Now imagine having to run this for hundreds of thousands to millions of servers. Remember, the research quoted in this article only shows that utilization data can be gathered, not that the victim’s servers have been breached.

If you are really concerned about these kinds of attacks, there are both techniques and products out there that can mitigate these risks. As shown in the research, there are several instance types that are unassailable using this technique because they consume full machines, and based on our experience at CloudSwitch, protecting the networking from public access will make these techniques impractical even for a patient attacker.


John Considine
CTO & Founder of CloudSwitch, Inc.
www.cloudswitch.com
