Cloud computing teaches people not to worry about physical equipment for hosting data and running software. But a new study suggests that this could be a costly mistake.

Researchers at University of Wisconsin, University of North Carolina at Chapel Hill, and the computer security company RSA have shown it is possible for software hosted by a cloud-computing provider to steal secrets from software hosted on the same cloud. In their experiment, they ran malicious software on hardware designed to mimic the equipment used by cloud companies such as Amazon. They were able to steal an encryption key used to secure e-mails from the software belonging to another user.

The attack demonstrated is so complex that it is unlikely to be a danger to customers of any cloud platform today, but the experiment answers a longstanding question about whether such attacks are even possible. The proof suggests that some very valuable data should not be entrusted to the cloud at all, says Ari Juels, chief scientist at RSA and director of the company’s research labs. “The basic lesson is that if you’ve got a highly sensitive workload, you shouldn’t run it alongside some unknown and potentially untrustworthy neighbor,” says Juels.

One reason cloud computing is growing fast is that businesses can save money thanks to the economies of scale that come from large warehouses of computers taking over work previously done by much smaller-scale in-house operations. RSA’s work might give pause to companies and government departments contemplating moving more of their systems to the cloud.

The new attack undermines one of the basic assumptions underpinning cloud computing: that a customer’s data is kept completely separate from data belonging to any other customer. This separation is supposedly provided by virtualization technology—software that mimics an instance of a physical computer system. A “virtual machine” offers a familiar system on which to install and run software, hiding the fact that, in reality, all customers are sharing the same complex warehouse-scale computer system.

Juels’s attack depends on finding ways to break that illusion. He found that, because virtual machines running on the same physical hardware share resources, the actions of one can impinge on the performance of the other. Because of this, an attacker in control of one virtual machine can snoop on data stored in memory attached to one of the processors running the cloud environment—memory that serves up recently used data to speed up future access to it—a trick known as a side-channel attack.

“Despite the fact that, in principle, it’s isolated from the victim, the attack virtual machine will catch glimpses of the behavior of the victim through a shared resource,” says Juels.

The software developed by Juels abused a feature that allows software to get priority access to a physical processor when it needs it. By regularly asking to use the processor, the attacker could probe the memory cache for evidence of the calculations the victim was performing with his or her e-mail encryption key.

The attacker could not directly read the victim’s data, but by noting how quickly it could write data to the cache, it could infer some hints about what had been left in there by its victim. “The attack VM will catch glimpses of the behavior of the victim,” says Juels. By collecting thousands of these glimpses, it was eventually possible to reveal the full encryption key.

Despite its complexity, the researchers say that cloud providers and customers should take the threat seriously. “Defenses are challenging,” says Juels, who has informed Amazon about his work.

Michael Bailey, a computer security researcher at the University of Michigan, notes that the software attacked—an e-mail encryption program called GNUPrivacy guard—is known to leak information, and that the experiment wasn’t carried out inside a real commercial cloud environment. However, he says, the result is significant and will inspire other researchers—and perhaps real attackers—to prove that such attacks can be practical.

“The reason I’m excited is that someone’s finally given an example of a side-channel attack,” says Bailey. “It’s a proof of concept that raises the possibility that this can be done—it will motivate people to look for more serious versions.”

A particularly concerning demonstration would be to use the method to steal the encryption keys used to secure websites offering services such as e-mail, shopping, and banking, says Bailey, although that would be much more challenging. Juels says he’s working on exploring how far he can push his new style of attack.