Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Handing sensitive data over to a cloud computing provider makes many companies skittish. But new software, called HomeAlone, could help them come to terms with using such services.

Cloud computing can save companies money by providing inexpensive, flexible storage and processing resources that are managed for them. All the same, many companies remain hesitant to turn their data over to a third party.

Cloud computing platforms provide a single point of entry for large amounts of company data, and providers often host customers’ data in virtual environments that span many different machines. Researchers say this architecture could be exploited to gain access to private data.

Some organizations, such as NASA, demand that cloud providers store their data on machines that no one else uses. But even that is not enough of a guarantee for some. Until now, it’s been almost impossible to verify that sensitive data is indeed isolated.

HomeAlone, which will be presented in May at the IEEE Symposium on Security and Privacy, takes a first step toward assuring companies that their data is secure. The software lets companies that ask for their data to be stored in physical isolation to verify that it is, in fact, alone on a server.

Michael Reiter, a professor of computer science at the University of North Carolina who was involved with the work, says he and his collaborators chose to support the most extreme case—where data and processing are so sensitive they must be separated from everyone else’s.

Cloud computing companies use virtual machines so that software can run on any piece of hardware. Multiple virtual machines can run on the same server, but it’s hard for a customer to know when this is occurring. So cloud customers have been unable to tell whether their data is at risk or may have been compromised.

“People now trust the cloud provider to configure the computing environment correctly based on the service-level agreement, but there’s no way to verify that,” says Alina Oprea, a research scientist at RSA Laboratories who was involved with the work. HomeAlone can confirm that data is alone on a server without requiring cooperation from the cloud provider. It detects the presence of any unexpected virtual machines on the server, whether those are attackers trying to steal data or simply virtual machines that have ended up there by mistake.

0 comments about this story. Start the discussion »

Credit: Technology Review
Video by David Talbot, edited by JR Rost

Tagged: Computing, security, cloud computing, IEEE Symposium on Security and Privacy, virtual machines

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me
×

A Place of Inspiration

Understand the technologies that are changing business and driving the new global economy.

September 23-25, 2014
Register »