New Type of Cloud Computing Vulnerability?
The MIT Technology Review magazine recently reported that next month Eran Tromer, a postdoctoral researcher at MIT’s Computer Science and Artificial Intelligence Lab, will present research suggesting that Amazon’s EC2, an Infrastructure-as-a-Service cloud computing offering, may be vulnerable to a form of eavesdropping and other attacks. Tromer and his fellow researchers (who are from UCSD) believe the attack techniques could potentially work against other cloud services as well. Amazon claims that the techniques described in the paper will not work in practice.
The research paper itself, colorfully titled “Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds”, is available from Tromer’s home page, and will be presented at CCSW 2009: The ACM Cloud Computing Security Workshop, happening 13-November-2009 in Chicago (logistics info below). Until then additional details may be hard to come by, but the MIT Technology Review article reports that the key concept is for hackers to gain a VM on the same physical machine used by a specific target (i.e., the “victim”) VM.
How could a hacker manage to get a VM on the same machine as a specific application they want to target? Apparently, the IP addresses for VMs on the same physical server tend to be next to each other, and also tend to be assigned at the same time. By launching a Denial of Service attack against a target site, a hacker might be able to force it to request more VMs… if the hacker also simultaneously requests VMs, there’s some chance they might get one on the same physical machine as the target.
Using this technique, the researchers believe they can raise the odds of getting on the chosen physical machine up to 40%.
You might be wondering, even if a hacker gets a VM on the same physical machine as a target, what good would that do the hacker? Tromer and his colleagues claim that by monitoring resources available to the VM that they do control they can infer information about the operation of the target application VM that also sits on the same server. The researchers believe that knowing this resource utilization information for a targeted application could help a hacker make deductions about information that should be confidential or secret.
Is there a way to mitigate this risk? The authors discuss some options that would make it difficult to successfully use this exploit technique, but argue that the only certain way to protect against this kind of attack is to use all the VMs on a server so malicious parties have no opportunity to get a VM on the same physical machine.
I should note that the authors’ findings are based on analysis of Amazon’s EC2 cloud service, and also on experimental results from work with a private “EC2-like” Infrastructure-as-a-Service cloud that they set up and operated themselves (that is, experiments were not done on EC2 itself). It’s also not clear (to me, at least) if the exploit techniques described in the research could be used on a Platform-as-a-Service cloud, such as Windows Azure.
Even so, cloud computing will be with us for a long time… it’s worth watching and understanding these kinds of security vulnerability claims as they emerge, even if they ultimately prove not to be practicably exploitable (as Amazon claims is the case here).
If you’re interested in learning more about this research from the researchers themselves, check out CCSW 2009: The ACM Cloud Computing Security Workshop. CCSW 2009 is a one-day workshop that will run from about 8am-6pm at the Hyatt Regency Chicago. It’s a “post-conference” for the larger 16th ACM Conference on Computer and Communications Security (which itself runs 4 days, from 9-13 November), and is also held at the Hyatt Regency Chicago.
Comments
Anonymous
October 27, 2009
This cloud vulnerability seems very shady to me. I think they are grasping at straws a bit.
Anonymous
October 27, 2009
Hi Craig, The approach struck me as impractical at first, as well... in most instances it probably wouldn't work in practice. I wonder, though, if there are some situations where it could work for a sophisticated and determined attacker? I've seen a lot of impractical things become practical over time. :) Definitely an interesting area to watch!