
How to Steal Data From Your Neighbor in the Cloud

Technology Review (11/08/12) Tom Simonite

RSA researchers have shown that it is possible for software hosted by a cloud-computing provider to steal secrets from software hosted on the same cloud.  The researchers ran malware on hardware designed to mimic the equipment used by cloud companies such as Amazon, and they were able to steal an encryption key used to secure emails from the software belonging to another user.  “The basic lesson is that if you’ve got a highly sensitive workload, you shouldn’t run it alongside some unknown and potentially untrustworthy neighbor,” says RSA’s Ari Juels.  The researchers found that, since virtual machines running on the same physical hardware share resources, the actions of one can hinder the performance of another.  This phenomenon allows an attacker in control of one virtual machine to spy on the data stored in memory attached to one of the processors running in the cloud environment.  The RSA software abused a feature that allows software to get priority access to a physical processor when it needs it.  By regularly asking to use the processor, the attacker could probe the memory cache for evidence of the calculations the victim was performing with the email encryption key.  A worrisome application of this attack would be to use the method to steal the encryption keys used to secure Web sites offering services such as email, shopping, and banking.

