MIT Technology Review



On-demand cloud computing and data storage can save companies money, but many businesses—particularly in finance and health care—are wary of handing data to third parties, fearing hacking, accidental data loss, or theft by rogue employees of cloud providers.

New security solutions are appearing: One verifies cloud providers’ claims that your data is safely lodged on its own server. Another protects your cloud-based data by using a math function to divide it into 16 segments, any 10 of which can be used to re-create the entire original set.

The first of these solutions responds to recent demonstrations that hacking within clouds—using one set of rented computers or “virtual machines” to attack another—is theoretically possible. In 2009, computer scientists at the University of California, San Diego and MIT showed how an attacker using Amazon’s Elastic Compute Cloud could land on the same physical server as his intended victim. (In one method, they forced a hypothetical victim to hire more virtual machines by bombarding his website with traffic and then created attacking virtual machines at the same time. This put the two sets of machines on the same cloud server 40 percent of the time.)

The researchers also pointed out that attackers who sat on the same servers as victims could do things like monitor usage of shared physical resources, such as the server’s central processing unit (CPU), to infer information such as what kinds of programs the victim was running and how much Web traffic the victim was handling. These actions are known as “side-channel” attacks.

Amazon, in a move similar to ones made by other cloud providers, now offers a virtual private cloud service in which a customer is promised his own isolated server. Because customers are likely to want to confirm that they’re getting what they paid for, a group of researchers at RSA Laboratories, in Cambridge, Massachusetts, and the University of North Carolina at Chapel Hill has developed a verification method that involves monitoring a piece of shared server hardware called the CPU cache, which allows quick access to frequently tapped memory resources. The prototype technology lets a client monitor whether the CPU cache on its cloud server is doing anything beyond what would be expected by the client’s own computation. Such a discovery would suggest that someone else is sharing the server. “This allows you to check on your situation in the cloud,” says Thomas Ristenpart, a computer scientist at the University of Wisconsin, Madison, and a coauthor of the paper that described the Amazon weakness. “It’s a way of doing detection on when you actually have a physical server to yourself.”
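The second approach mentioned above, dividing data into 16 segments of which any 10 can re-create the original, can be illustrated with a small erasure code. This is an added example, not code from the article or from any product it describes; the article does not name the math function, so Reed-Solomon-style polynomial interpolation over GF(257) is assumed here, and `encode`, `decode` and `_interp` are hypothetical names.

```python
# Added example (assumption: polynomial interpolation over GF(257);
# the article does not say which math function the real product uses).
P = 257          # smallest prime above 255, so every byte is a field element
K, N = 10, 16    # any K of the N segments rebuild the data (figures from the article)

def _interp(points, x):
    """Evaluate at x the unique degree < K polynomial through `points` (Lagrange, mod P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def encode(data: bytes) -> dict:
    """Return {segment_id: [symbols]} for ids 1..N. Parity symbols may equal 256,
    so segments are lists of ints rather than bytes."""
    padded = data + bytes(-len(data) % K)          # zero-pad to a multiple of K
    segments = {x: [] for x in range(1, N + 1)}
    for off in range(0, len(padded), K):
        # The K data bytes are the polynomial's values at x = 1..K (systematic code).
        pts = list(enumerate(padded[off:off + K], start=1))
        for x in range(1, N + 1):
            segments[x].append(pts[x - 1][1] if x <= K else _interp(pts, x))
    return segments

def decode(available: dict, length: int) -> bytes:
    """Rebuild `length` bytes from any K surviving segments."""
    if len(available) < K:
        raise ValueError(f"need {K} segments, got {len(available)}")
    ids = sorted(available)[:K]
    out = bytearray()
    for col in range(len(available[ids[0]])):
        pts = [(x, available[x][col]) for x in ids]
        out.extend(_interp(pts, x) for x in range(1, K + 1))
    return bytes(out[:length])
```

In this construction segments 1 to 10 hold the original bytes unchanged, so it provides tolerance to lost segments only; confidentiality would require encrypting the data before encoding.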


Credit: Technology Review

Tagged: Business, Business Impact, Securing Data
