• ‘Cloud Cartography’ and Security

    • By: Rich Miller
      August 31st, 2009

    Can Internet attackers target a particular virtual machine on a large public cloud platform? Craig Balding at Cloud Security points to a paper from researchers at MIT and Cal-San Diego titled “Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds (PDF).” Here’s a summary:

    “Using the Amazon EC2 service as a case study, we show that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target. We explore how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine.”

    Craig says the paper is important in highlighting new avenues of attack for cloud security professionals to understand and defend. “There’s no EC2 ’0-day’, but that’s not the intent of the paper,” Balding writes. “Rather, we are reminded that cloud platforms and technologies do bring some novel attacks that thus far have not really figured in much of the security conversation to date. We need more of this type of research to better understand what we are getting ourselves into.”

    About

    Rich Miller is the founder and editor-in-chief of Data Center Knowledge, and has been reporting on the data center sector since 2000. He has tracked the growing impact of high-density computing on the power and cooling of data centers, and the resulting push for improved energy efficiency in these facilities.

    • Sign up for the Data Center Knowledge Newsletter

    Get daily email alerts direct to your inbox.

    akapoo

    Posted September 21st, 2009

    Cloud Security online summit-http://bit.ly/10zkvC

    Thought leaders from eBay,Capgemini & HP will discuss cloud threat landscape, Cloud identity & access mgmt & innovations

    What?
    Industry Thought Leaders will dive into the different security options available across multiple cloud architectures, and case studies and association presentations will further illustrate the security issues facing the cloud today.

    Who?

    Miranda Mowbray, Hewlett-Packard, Senior Technical Contributor
    Jim Reavis, Cloud Security Alliance
    Liam Lynch, Chief Security Strategist, eBay
    Jinesh Varia, Technology Evangelist, Amazon Web Services
    Lee Newcombe, Capgemini, Principal Consultant

    Enables vibrant exchange of ideas between Thought Leaders and viewers
    Provides Thought Leadership, Best Practices and Case Studies

    Can Internet attackers target a particular virtual machine on a large public cloud platform? « NewServers: Bare Metal Cloud

    Posted October 16th, 2009

    [...] http://www.datacenterknowledge.com/archives/2009/08/31/cloud-cartography-and-security/ [...]

    Guy Hammer

    Posted March 23rd, 2010

    Conclusion: users with sensitive data should insist on using physical machines populated only with their own VMs…as this is the only foolproof solution to this problem.

    Add Your Comments

      RESOURCE LINKS:

Sign up for the Data Center Knowledge Newsletter

Get daily email alerts direct to your inbox.

ARCHIVED ARTICLES