Handing sensitive data over to a cloud computing provider makes many companies skittish. But new software, called HomeAlone, could help them come to terms with using such services.
Cloud computing can save companies money by providing inexpensive, flexible storage and processing resources that are managed for them. All the same, many companies remain hesitant to turn their data over to a third party.
Cloud computing platforms provide a single point of entry for large amounts of company data, and providers often host customers’ data in virtual environments that span many different machines. Researchers say this architecture could be exploited to gain access to private data.
Some organizations, such as NASA, demand that cloud providers store their data on machines that no one else uses. But even that is not enough of a guarantee for some. Until now, it’s been almost impossible to verify that sensitive data is indeed isolated.
HomeAlone, which will be presented in May at the IEEE Symposium on Security and Privacy, takes a first step toward assuring companies that their data is secure. The software lets companies that ask for their data to be stored in physical isolation to verify that it is, in fact, alone on a server.
Michael Reiter, a professor of computer science at the University of North Carolina who was involved with the work, says he and his collaborators chose to support the most extreme case—where data and processing are so sensitive they must be separated from everyone else’s.
Cloud computing companies use virtual machines so that software can run on any piece of hardware. Multiple virtual machines can run on the same server, but it’s hard for a customer to know when this is occurring. So cloud customers have been unable to tell whether their data is at risk or may have been compromised.
“People now trust the cloud provider to configure the computing environment correctly based on the service-level agreement, but there’s no way to verify that,” says Alina Oprea, a research scientist at RSA Laboratories who was involved with the work. HomeAlone can confirm that data is alone on a server without requiring cooperation from the cloud provider. It detects the presence of any unexpected virtual machines on the server, whether those are attackers trying to steal data or simply virtual machines that have ended up there by mistake.
HomeAlone borrows techniques that are more commonly used by attackers, detecting the presence of other virtual machines on a server via what are known as “side channels.” Side channels are the byproducts of running software: power usage data or the pattern in which software accesses temporary storage.
HomeAlone watches for unexpected use of a part of the memory called the cache—a sign that an unauthorized virtual machine is present. The software coordinates the activity of legitimate virtual machines so that a randomly selected part of the cache goes quiet; if there’s another virtual machine present, it gives itself away by continuing to use that portion of the cache.
HomeAlone can detect unexpected virtual machines at a rate of 80 percent or better, with about 1 percent false positives. But aggressively malicious virtual machines are even more likely to be detected because they will be more actively using the cache.
Bryan Ford, an assistant professor at Yale University who studies decentralized and distributed computer systems, has previously shown that attackers can use side channels to get useful information about the virtual machines running on a shared server—potentially even passwords.
Ford says the amount of information that can be gained from side channels illustrates why companies are right to be nervous about cloud computing. Cloud providers often don’t know what the virtual machines they host are doing, he says, and they don’t want to assume responsibility. Using side channels as a defensive measure is a promising approach, he says, but it could lead to an “arms race that can’t be won.” In other words, attackers might get better at hiding or find new ways to use the side channels against the defenders.
HomeAlone can help only those cloud computing customers who require that their data be physically isolated. “This is not a solution to cloud security en masse,” Reiter says. A lot of work remains to be done to provide similar assurances to other customers.
The researchers are developing a prototype, Oprea says, and the next step is to make the system run on a commercial cloud computing platform to show that it works in practice.