This is the latest in a series of concerns over cloud security. In the cloud services offered by Amazon and other providers, computing is done by virtual machines generated in physical data centers, and virtual machines dedicated to different customers may be created on the same server. Other research has shown that it is potentially possible to deliberately place a malicious virtual machine on the same physical server as a victim’s machines, and use that virtual machine to launch various kinds of attacks.
While the ongoing research that exposed these problems strengthens cloud computing overall, the episode shows that the price of a single vulnerability can be potentially enormous as cloud services proliferate and the data they work with mushrooms in value.
“Scale makes things more vulnerable—you have more components interacting with each other,” says Radu Sion, a computer scientist at Stony Brook University in New York. That creates a larger and more attractive target. Sion, who did not participate in the new research, heads the Cloud Computing Security Workshop, which was held alongside the ACM Computer and Communications Security Conference in Chicago last week and was where the paper was released.
As the virtual computers hosted by cloud providers grow in number and complexity, new attack methods of that sort are likely to arise, Sion predicts. The German research showed “a pretty serious vulnerability,” he adds, “but it can be fixed and has been fixed.”
Still, he contends that clouds are inherently more secure—and their operators better able to stay on top of new vulnerabilities—than thousands of millions of distributed users can ever be. And he says ongoing research in consultation with industry players, like that accomplished by the German experts, will work to keep commercial offerings as safe as possible. He adds, “I strongly believe the cloud is the way to go.”