Targeted attacks possible in the cloud, researchers warn
Study shows how attackers can search, locate and attack specific targets in a cloud infrastructure
Computerworld - The use of virtualization by cloud service providers to host virtual machines belonging to multiple customers on a shared physical infrastructure is opening up fresh data leak risks, a research report warns.
The report by four researchers at MIT and the University of California at San Diego shows how vulnerabilities in cloud infrastructures could allow attackers to locate and eavesdrop on targeted virtual machines (VMs) anywhere in the cloud.
The attack described in the report was conducted against Amazon's Elastic Computer Cloud (EC2) service. But the vulnerabilities that enable it are generic and would likely affect other cloud providers, said Eran Tromer, a post-doctoral researcher at MIT's Computer Science and Artificial Intelligence Laboratory and one of the authors of the report. The report is scheduled to be presented at the Association for Computing Machinery (ACM) Conference on Computer and Communications Security next month.
The research raises questions about a fundamental assumption about cloud computing which says that data hosted in a cloud is relatively safe from targeted attacks because it's hard to know where in the cloud the data is located. The reserach also comes at a time when concerns are high about security and privacy issues related to cloud computing.
According to Tromer, the research shows that it is possible for attackers to identify the physical server on which a targeted virtual machine is hosted in the cloud. The attackers can then establish a rogue virtual machine on the same machine to go after the victim. A virtual machine is an operating environment created within another larger environment. A VM acts as a self-contained computer within a larger server, with virtual boundaries separating each VM from the other. Multiple VMs can run within one physical server.
The multi-stage attack starts with mapping the internal cloud infrastructure to locate the physical server hosting a target VM. Much of the information needed to glean the location of a target VM hosted in a cloud is contained in the IP address and domain name for that particular machine, Tromer said.
In the case of Amazon's EC2 infrastructure, for instance, analyzing the IP address of a VM can reveal details such as geographic region, as well as the availability zones or specific infrastructure segment it is on, he said.
The IP address also specifies an instance type, indicating the amount of computational power, memory and persistent storage that is available to the virtual machine. In addition, VMs located on the same physical server also tend to have IP addresses that are close to each other and are assigned at the same time.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts