Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Cloud computing presents inherent privacy dangers, because the cloud provider can see a customer’s data and leased computational apparatus, known as “virtual machines.” New research suggests that as long as the cloud can see things, it might as well check that its customers aren’t running malicious code, new research suggests.

Researchers at IBM’s Watson Research Center in Yorktown, NY, and IBM’s Zurich Research lab have developed a system for cloud computing “introspection monitoring,” in which elements of the cloud would act as a kind of virtual bouncer. They’d frisk virtual machines to check what operating systems they’re using, whether they are running properly, and whether they contain malicious code, such as root-kits.

“It works by looking inside the virtual machine and trying to infer what it does. You don’t want malicious clients to give you all kinds of malware in their virtual machines that you will run in the cloud,” says Radu Sion, a computer scientist at Stony Brook University, who was not involved in the research. “Today the cloud does not offer privacy, so we might as well use the lack of privacy for introspection.”

The work by IBM was one of several papers presented last Friday at the ACM Cloud Computing Security Workshop, a first-of-its-kind event. The paper extends earlier research on introspection to make it more applicable to cloud settings such as Amazon’s EC2 service. “In clouds, the barrier to entry is lower, and the thing customers are most concerned about is their information. We want to make sure their information is handled in a manner consistent with their expectation of security and privacy,” says J.R. Rao, senior manager for secure software and services for IBM.

One specific way that clouds could present hazards is if hackers figure out how to place their malicious virtual machines on the same physical servers as those of their victims, as recent research has shown is possible. Cloud providers use multiple data centers and many thousands of servers, so finding the right one could be a crucial first step to a cloud computing attack. (Earlier research has shown that hackers using a given operating system can steal data from other users of the same operating system, and that similar vulnerabilities can exist when operating systems share the same servers.)

1 comment. Share your thoughts »

Credit: Technology Review

Tagged: Computing, Web, security, IBM, privacy, cloud computing, malware, cloud, malicious code

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me