• October 2009
    M T W T F S S
    « Sep   Nov »
  • Advertisements

Vulnerability Seen in Amazon’s Cloud-Computing.

Technology Review (10/23/09) Talbot, David

A new study by researchers from the Massachusetts Institute of Technology (MIT) and the University of California, San Diego (UCSD) suggests that leading cloud-computing services may be vulnerable to eavesdropping and malicious attacks. The study found that it may be possible for attackers to accurately map where a target’s data is physically located within the cloud and use various strategies to collect data. MIT postdoctoral researcher Eran Tromer says the vulnerabilities uncovered in the study, which only tested Amazon.com’s Elastic Computer Cloud (EC2) service, are likely present in current virtualization technology and will affect other cloud providers. The attack used in the study involves first determining which physical servers a victim is using within a cloud, implanting a virus on those servers, and then attacking the victim. The researchers demonstrated that once the malicious virtual machine is on the target’s server, the malware can carefully monitor how access to resources fluctuates, potentially allowing the attacker to glimpse sensitive information about the victim. The attack capitalizes on the fact that virtual machines still have IP addresses visible to anyone within the cloud. The researchers found that nearby addresses often share the same physical hardware within the cloud, so an attack can set up numerous virtual machines, look at their IP addresses, and determine which ones share a server as the target. It may even be possible to detect the victim’s passwords using a keystroke attack, Tromer says. Amazon’s Kay Kinton says that Amazon has deployed safeguards that prevent attackers from using the techniques described in the study.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: