Targeted attacks possible in the cloud, researchers warn
Study shows how attackers can search, locate and attack specific targets in a cloud infrastructure
Computerworld - The use of virtualization by cloud service providers to host virtual machines belonging to multiple customers on a shared physical infrastructure is opening up fresh data leak risks, a research report warns.
The report by four researchers at MIT and the University of California at San Diego shows how vulnerabilities in cloud infrastructures could allow attackers to locate and eavesdrop on targeted virtual machines (VMs) anywhere in the cloud.
The attack described in the report was conducted against Amazon's Elastic Computer Cloud (EC2) service. But the vulnerabilities that enable it are generic and would likely affect other cloud providers, said Eran Tromer, a post-doctoral researcher at MIT's Computer Science and Artificial Intelligence Laboratory and one of the authors of the report. The report is scheduled to be presented at the Association for Computing Machinery (ACM) Conference on Computer and Communications Security next month.
The research raises questions about a fundamental assumption about cloud computing which says that data hosted in a cloud is relatively safe from targeted attacks because it's hard to know where in the cloud the data is located. The reserach also comes at a time when concerns are high about security and privacy issues related to cloud computing.
According to Tromer, the research shows that it is possible for attackers to identify the physical server on which a targeted virtual machine is hosted in the cloud. The attackers can then establish a rogue virtual machine on the same machine to go after the victim. A virtual machine is an operating environment created within another larger environment. A VM acts as a self-contained computer within a larger server, with virtual boundaries separating each VM from the other. Multiple VMs can run within one physical server.
The multi-stage attack starts with mapping the internal cloud infrastructure to locate the physical server hosting a target VM. Much of the information needed to glean the location of a target VM hosted in a cloud is contained in the IP address and domain name for that particular machine, Tromer said.
In the case of Amazon's EC2 infrastructure, for instance, analyzing the IP address of a VM can reveal details such as geographic region, as well as the availability zones or specific infrastructure segment it is on, he said.
The IP address also specifies an instance type, indicating the amount of computational power, memory and persistent storage that is available to the virtual machine. In addition, VMs located on the same physical server also tend to have IP addresses that are close to each other and are assigned at the same time.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts