Skip the navigation

Targeted attacks possible in the cloud, researchers warn

Study shows how attackers can search, locate and attack specific targets in a cloud infrastructure

October 28, 2009 11:43 AM ET

Computerworld - The use of virtualization by cloud service providers to host virtual machines belonging to multiple customers on a shared physical infrastructure is opening up fresh data leak risks, a research report warns.

The report by four researchers at MIT and the University of California at San Diego shows how vulnerabilities in cloud infrastructures could allow attackers to locate and eavesdrop on targeted virtual machines (VMs) anywhere in the cloud.

The attack described in the report was conducted against Amazon's Elastic Computer Cloud (EC2) service. But the vulnerabilities that enable it are generic and would likely affect other cloud providers, said Eran Tromer, a post-doctoral researcher at MIT's Computer Science and Artificial Intelligence Laboratory and one of the authors of the report. The report is scheduled to be presented at the Association for Computing Machinery (ACM) Conference on Computer and Communications Security next month.

The research raises questions about a fundamental assumption about cloud computing which says that data hosted in a cloud is relatively safe from targeted attacks because it's hard to know where in the cloud the data is located. The reserach also comes at a time when concerns are high about security and privacy issues related to cloud computing.

According to Tromer, the research shows that it is possible for attackers to identify the physical server on which a targeted virtual machine is hosted in the cloud. The attackers can then establish a rogue virtual machine on the same machine to go after the victim. A virtual machine is an operating environment created within another larger environment. A VM acts as a self-contained computer within a larger server, with virtual boundaries separating each VM from the other. Multiple VMs can run within one physical server.

The multi-stage attack starts with mapping the internal cloud infrastructure to locate the physical server hosting a target VM. Much of the information needed to glean the location of a target VM hosted in a cloud is contained in the IP address and domain name for that particular machine, Tromer said.

In the case of Amazon's EC2 infrastructure, for instance, analyzing the IP address of a VM can reveal details such as geographic region, as well as the availability zones or specific infrastructure segment it is on, he said.

The IP address also specifies an instance type, indicating the amount of computational power, memory and persistent storage that is available to the virtual machine. In addition, VMs located on the same physical server also tend to have IP addresses that are close to each other and are assigned at the same time.



Our Commenting Policies