Intelligent Machines

Spotting Virtual Intruders

Researchers propose using hacker tactics to secure cloud computing systems.

Handing sensitive data over to a cloud computing provider makes many companies skittish. But new software, called HomeAlone, could help them come to terms with using such services.

Cloud computing can save companies money by providing inexpensive, flexible storage and processing resources that are managed for them. All the same, many companies remain hesitant to turn their data over to a third party.

Cloud computing platforms provide a single point of entry for large amounts of company data, and providers often host customers’ data in virtual environments that span many different machines. Researchers say this architecture could be exploited to gain access to private data.

Some organizations, such as NASA, demand that cloud providers store their data on machines that no one else uses. But even that is not enough of a guarantee for some. Until now, it’s been almost impossible to verify that sensitive data is indeed isolated.

HomeAlone, which will be presented in May at the IEEE Symposium on Security and Privacy, takes a first step toward assuring companies that their data is secure. The software lets companies that ask for their data to be stored in physical isolation verify that it is, in fact, alone on a server.

Michael Reiter, a professor of computer science at the University of North Carolina who was involved with the work, says he and his collaborators chose to support the most extreme case—where data and processing are so sensitive they must be separated from everyone else’s.

Cloud computing companies use virtual machines so that software can run on any piece of hardware. Multiple virtual machines can run on the same server, but it’s hard for a customer to know when this is occurring. So cloud customers have been unable to tell whether their data is at risk or may have been compromised.

“People now trust the cloud provider to configure the computing environment correctly based on the service-level agreement, but there’s no way to verify that,” says Alina Oprea, a research scientist at RSA Laboratories who was involved with the work. HomeAlone can confirm that data is alone on a server without requiring cooperation from the cloud provider. It detects the presence of any unexpected virtual machines on the server, whether those are attackers trying to steal data or simply virtual machines that have ended up there by mistake.

HomeAlone borrows techniques that are more commonly used by attackers, detecting the presence of other virtual machines on a server via what are known as “side channels.” Side channels are the byproducts of running software: power usage data or the pattern in which software accesses temporary storage.

HomeAlone watches for unexpected use of a part of the memory called the cache—a sign that an unauthorized virtual machine is present. The software coordinates the activity of legitimate virtual machines so that a randomly selected part of the cache goes quiet; if there’s another virtual machine present, it gives itself away by continuing to use that portion of the cache.

HomeAlone can detect unexpected virtual machines at a rate of 80 percent or better, with about 1 percent false positives. But aggressively malicious virtual machines are even more likely to be detected because they will be more actively using the cache.
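A toy model of the cache-silence check described above, added here as an illustration and not the researchers' HomeAlone code. It assumes a simplified LRU set-associative cache with a constructed geometry, "friendly" VMs that honor the agreement to stay out of a randomly chosen quarter of the cache sets (with a small stray-access rate standing in for real-world noise), and a detector that primes those sets, lets the workload run, then probes how many of its own lines were evicted; the detection and false-positive rates it reports describe this model only, not the 80 percent and 1 percent figures from the study.

```python
import random

# Constructed cache geometry for the simulation; not any real CPU's.
NUM_SETS, WAYS = 64, 4
QUIET_FRACTION = 0.25   # share of cache sets the friendly VMs agree to vacate
NOISE_RATE = 0.001      # chance a friendly access strays into a quiet set anyway

class Cache:
    # Set-associative cache with LRU replacement; each set lists tags, MRU last.
    def __init__(self, sets=NUM_SETS, ways=WAYS):
        self.sets = [[] for _ in range(sets)]
        self.ways = ways

    def access(self, idx, tag):
        s = self.sets[idx]
        if tag in s:
            s.remove(tag)          # hit: refresh recency
        elif len(s) >= self.ways:
            s.pop(0)               # miss in a full set: evict the LRU line
        s.append(tag)

    def holds(self, idx, tag):
        return tag in self.sets[idx]

def run_workload(cache, rng, quiet, accesses, foreign_present):
    """Friendly tenants avoid the quiet sets; a foreign tenant touches any set."""
    busy = [i for i in range(NUM_SETS) if i not in quiet]
    for _ in range(accesses):
        idx = rng.randrange(NUM_SETS) if rng.random() < NOISE_RATE else rng.choice(busy)
        cache.access(idx, ("friendly", rng.randrange(1000)))
        if foreign_present:
            cache.access(rng.randrange(NUM_SETS), ("foreign", rng.randrange(1000)))

def silence_check(seed, foreign_present, accesses=2000, threshold=0.25):
    """One probe round: prime the quiet sets, run, probe. Returns (ratio, flagged)."""
    rng = random.Random(seed)
    cache = Cache()
    quiet = set(rng.sample(range(NUM_SETS), int(NUM_SETS * QUIET_FRACTION)))
    probes = [(idx, ("detector", w)) for idx in quiet for w in range(WAYS)]
    for idx, tag in probes:
        cache.access(idx, tag)     # prime: fill every way of each quiet set
    run_workload(cache, rng, quiet, accesses, foreign_present)
    evicted = sum(not cache.holds(idx, tag) for idx, tag in probes)
    ratio = evicted / len(probes)
    return ratio, ratio > threshold

def estimate_rates(trials=200):
    """Detection rate with a foreign VM present and false-positive rate without."""
    hits = sum(silence_check(s, True)[1] for s in range(trials))
    fps = sum(silence_check(s, False)[1] for s in range(trials))
    return hits / trials, fps / trials
```

Lowering `NOISE_RATE` or raising `threshold` trades detection rate against false positives, which is the tuning problem the study's 80 percent and 1 percent figures reflect on real hardware.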

Bryan Ford, an assistant professor at Yale University who studies decentralized and distributed computer systems, has previously shown that attackers can use side channels to get useful information about the virtual machines running on a shared server—potentially even passwords.

Ford says the amount of information that can be gained from side channels illustrates why companies are right to be nervous about cloud computing. Cloud providers often don’t know what the virtual machines they host are doing, he says, and they don’t want to assume responsibility. Using side channels as a defensive measure is a promising approach, he says, but it could lead to an “arms race that can’t be won.” In other words, attackers might get better at hiding or find new ways to use the side channels against the defenders.

HomeAlone can help only those cloud computing customers who require that their data be physically isolated. “This is not a solution to cloud security en masse,” Reiter says. A lot of work remains to be done to provide similar assurances to other customers.

The researchers are developing a prototype, Oprea says, and the next step is to make the system run on a commercial cloud computing platform to show that it works in practice.
