a central point for collection of information as it relates to cloud computing in the government
Cloud Security Vulnerability White Paper
October 29, 2009 at 9:00 am #84065
Title:Hey, You, Get Off of My Cloud:
Exploring Information Leakage in Third-Party Compute Clouds
Author(s)Thomas Ristenpart; Eran Tromer; Hovav Shacham; Stefan Savage
Third-party cloud computing represents the promise of out-sourcing as applied to computation. Services, such as Microsoft’s Azure and Amazon’s EC2, allow users to instantiate virtual machines (VMs) on demand and thus purchase precisely the capacity they require when they require it. In turn, the use of virtualization allows third-party cloud providers to maximize the utilization of their sunk capital costs by multiplexing many customer VMs across a shared physical infrastructure. However, in this paper, we show that this approach can also introduce new vulnerabilities. Using the Amazon EC2 service as a case study, we show that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target. We explore how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine.
October 29, 2009 at 9:18 am #84070
A newstory from Computerworld.com
Targeted attacks possible in the cloud, researchers warn
Study shows how attackers can search, locate and attack specific targets in a cloud infrastructure
October 28, 2009 (Computerworld) The use of virtualization by cloud service providers to host virtual machines belonging to multiple customers on a shared physical infrastructure is opening up fresh data leak risks, a research report warns.
The report by four researchers at MIT and the University of California at San Diego shows how vulnerabilities in cloud infrastructures could allow attackers to locate and eavesdrop on targeted virtual machines (VMs) anywhere in the cloud.
The attack described in the report was conducted against Amazon’s Elastic Computer Cloud (EC2) service. But the vulnerabilities that enable it are generic and would likely affect other cloud providers, said Eran Tromer, a post-doctoral researcher at MIT’s Computer Science and Artificial Intelligence Laboratory and one of the authors of the report. The report is scheduled to be presented at the Association for Computing Machinery (ACM) Conference on Computer and Communications Security next month.
The research raises questions about a fundamental assumption about cloud computing which says that data hosted in a cloud is relatively safe from targeted attacks because it’s hard to know where in the cloud the data is located. The reserach also comes at a time when concerns are high about security and privacy issues related to cloud computing.
According to Tromer, the research shows that it is possible for attackers to identify the physical server on which a targeted virtual machine is hosted in the cloud. The attackers can then establish a rogue virtual machine on the same machine to go after the victim. A virtual machine is an operating environment created within another larger environment. A VM acts as a self-contained computer within a larger server, with virtual boundaries separating each VM from the other. Multiple VMs can run within one physical server.
The multi-stage attack starts with mapping the internal cloud infrastructure to locate the physical server hosting a target VM. Much of the information needed to glean the location of a target VM hosted in a cloud is contained in the IP address and domain name for that particular machine, Tromer said.
In the case of Amazon’s EC2 infrastructure, for instance, analyzing the IP address of a VM can reveal details such as geographic region, as well as the availability zones or specific infrastructure segment it is on, he said.
The IP address also specifies an instance type, indicating the amount of computational power, memory and persistent storage that is available to the virtual machine. In addition, VMs located on the same physical server also tend to have IP addresses that are close to each other and are assigned at the same time.
The data gives attackers an idea of the parameters needed to establish a rogue VM on the same physical server as the target VM. They can then proceed to do this by instantiating new VMs until one is placed “co-resident with the target server,” Tromer said.
Attackers can significantly boost their chances of achieving “co-residency” by launching a denial-of service-attack against the target server and forcing it to expand capacity by adding new VMs. If the hackers simultaneously request new VMs of their own, their chances of getting one on the same physical machine as the target, is significantly increased.
According to Tromer, once an attacker gains access to the same physical server as the target VM, the attacker can monitor shared resources on the server to make highly educated inferences about the target VM.
For instance, by monitoring CPU and memory cache utilization on the shared server, an attacker could determine periods of high activity on the target servers, estimate high-traffic rates and even launch keystroke timing attacks to gather passwords and other data from the target server, Tromer said. These “side-channel attacks” have proved highly successful in non-cloud contexts so there’s no reason why they shouldn’t work in a cloud environment, he said.
“The basic vulnerabilities, such as architectural side-channels, are inherent to virtualization technology used by all infrastructure-as-a-service cloud providers,” Tromer said.
What the research shows is that until cloud providers can guarantee impermeable partitions between virtual machines on a single server, customers should try as much as possible to avoid sharing physical servers with others in the cloud, he added.
Amazon did not respond to requests for comment. But in comments made to the MIT Technology Review, a spokesman said that Amazon has already rolled out safeguards to protect against the mapping techniques described in the research paper.
The company also refuted the notion that side-channel methods could be used to steal information from a VM on a shared physical server. In comments to the MIT Review, the Amazon spokesman said the researchers had tested such attacks in a “carefully controlled lab configuration that do not match the Amazon EC2 environment.”
Copyright © 1994 – 2009 Computerworld Inc.
October 29, 2009 at 9:22 am #84068
Amazon’s response according to an article in Computerworld.com
Amazon downplays report highlighting vulnerabilities in its cloud service
Hypothetical example described in report much harder to pull off in reality, company says
October 28, 2009 (Computerworld) Amazon said today that it has taken steps to mitigate a security issue in its cloud computing infrastructure that was identified recently by researchers from MIT and the University of California at San Diego.
The report described how attackers could search for, locate and attack specific targets in Amazon’s Elastic Computer Cloud (EC2) because of certain underlying vulnerabilities in the infrastructure.
Though the attack described in the report was conducted against Amazons infrastructure, the researchers concluded that similar targeted attacks could be carried out in other cloud services as well because the vulnerabilities were generic.
In response, Amazon spokeswoman Kay Kinton said today that the report describes cloud cartography methods that could increase an attacker’s probability of launching a rogue virtual machine (VM) on the same physical server as another specific target VM.
What remains unclear, however, is how exactly attackers would be able to use that presence on the same physical server to then attack the target VM, Kinton told Computerworld via e-mail.
The research paper itself described how potential attackers could use so-called “side-channel” attacks to try and try and steal information from a target VM. The researchers had argued that a VM sitting on the same physical server as a target VM, could monitor shared resources on the server to make highly educated inferences about the target VM.
By monitoring CPU and memory cache utilization on the shared server, an attacker could determine periods of high-activity on the target servers, estimate high-traffic rates and even launch keystroke timing attacks to gather passwords and other data from the target server, the researchers had noted.
Such side-channel attacks have proved highly successful in non-cloud contexts, so there’s no reason why they shouldn’t work in a cloud environment, the researchers postulated.
However, Kinton characterized the attack described in the report as “hypothetical,” and one that would be “significantly more difficult in practice.”
“The side channel techniques presented are based on testing results from a carefully controlled lab environment with configurations that do not match the actual Amazon EC2 environment,” Kinton said.
“As the researchers point out, there are a number of factors that would make such an attack significantly more difficult in practice,” she said.
At the same time, Amazon takes all reports of vulnerabilities in its cloud infrastructure very seriously, she said. The company will continue to investigate potential exploits thoroughly and continue to develop features bolster security for users of its cloud service, she said.
Amazon Web Services has already rolled out safeguards that prevent potential attackers from using the cartography techniques described in the paper, Kinton said without offering any details.
She also pointed to the recently launched Amazon Web Service Multi-Factor Authentication (AWS MFA) as another example of the company’s continuing effort to bolster cloud security. AWS MFA is designed to provide an extra layer access control to a customer’s Web services account, Kinton said.
The research report that highlighted the security issues in cloud computing infrastructures is scheduled to be presented at the ACM Conference on Computer and Communications Security next month.
Copyright © 1994 – 2009 Computerworld Inc
You must be logged in to reply to this topic.