Information security professionals have had quite a challenge convincing their colleagues, and at times themselves, that the cloud is a safe destination for sensitive data. Although protections have drastically improved in recent years, cloud security continues to be a moving target. And as university researchers recently demonstrated in a proof-of-concept attack, even once-forgotten issues can return to pose new risks as cybercriminals evolve their tactics.
Cloud security best practices may still be in their infancy, but some assumptions are already being taken for granted. For example, according to Ars Technica, the isolation a hypervisor enforces between virtual machines (keeping one tenant's computing tasks separate from another's) has typically been considered a boon to data protection in the cloud. Similarly, encrypting data at rest and in motion has been viewed as an essential protective measure. But according to research led by Yinqian Zhang and Michael Reiter of the University of North Carolina, isolation and encryption are still imperfect protections for public cloud environments: the physical hardware the tenants share remains a channel between them.
"This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer," the research abstract explained. "This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen)."
In the described attack method, a cybercriminal provisions a VM on a public cloud server and runs his or her crimeware inside it. Because that VM shares physical hardware, including the processor cache, with the other tenants' VMs on the same host, the attacker can observe traces of its co-residents' activity without ever breaking out of the VM. Most importantly, the researchers engineered a way to turn those observations into a private decryption key held by an adjacent tenant on the same server.
"The upshot is that isolation in public clouds is imperfect and can potentially be breached," research collaborator Ari Juels told Dark Reading. "So highly sensitive workloads should not be placed in a public cloud. Our attack is the first solid confirmation of a long hypothesized attack."
This conclusion does come with several caveats. Although an attacker can provision malicious VMs at will, the provider decides where each VM is placed, so the attacker has no reliable way of knowing which physical server, and therefore which neighbors, a given VM will share hardware with. As a result, it becomes much harder to target a specific cloud tenant. More likely, the side-channel attack would be launched opportunistically, fishing for whatever cryptographic keys happen to be in use on the server the attacker lands on. According to Ars Technica, two countermeasures already appear promising: core scheduling, which would keep VMs of different tenants off the same core and so limit an attack VM's visibility into its co-residents' cache activity, and the development of side-channel resistant algorithms whose memory and instruction access patterns do not depend on the key.
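To make the second countermeasure concrete, the following is an added example, not code from the researchers or from the page: it models the kind of leakage an access-driven attacker exploits and what a side-channel resistant algorithm changes. A textbook square-and-multiply exponentiation does an extra multiply exactly for the key bits that are 1, so an observer who can tell "square" from "multiply" (for example by probing which code lines a co-resident VM executed, as the article describes) reads the exponent directly off the operation sequence. A Montgomery ladder with a branchless conditional swap performs the same sequence for every exponent of a given length. The `trace` lists, the sample modulus and exponents, and the `recover_exponent` attacker routine are all constructed for this illustration; Python big-integer arithmetic is not itself constant time, so the example models the operation sequence, not wall-clock timing.

```python
"""Key-dependent versus key-independent exponentiation (constructed example)."""

from typing import List


def square_and_multiply(base: int, exp: int, mod: int, trace: List[str]) -> int:
    """Left-to-right square-and-multiply. Appends "S" for each squaring and
    "M" for each multiply, so the trace mirrors the control flow an
    access-driven side channel observes. A multiply follows a squaring
    exactly when the corresponding exponent bit is 1."""
    result = 1
    for i in range(exp.bit_length() - 1, -1, -1):
        result = (result * result) % mod
        trace.append("S")
        if (exp >> i) & 1:  # key-dependent branch: this is the leak
            result = (result * base) % mod
            trace.append("M")
    return result


def recover_exponent(trace: List[str]) -> int:
    """Attacker side (constructed): rebuild the exponent from the observed
    S/M sequence. Each "S" starts a new bit (0); a following "M" sets it to 1."""
    bits: List[int] = []
    for op in trace:
        if op == "S":
            bits.append(0)
        elif op == "M":
            bits[-1] = 1
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value


def ct_swap(bit: int, a: int, b: int):
    """Branchless conditional swap: returns (b, a) when bit == 1, else (a, b).
    mask is 0 or all-ones, so no control flow depends on the secret bit."""
    mask = -bit
    t = (a ^ b) & mask
    return a ^ t, b ^ t


def montgomery_ladder(base: int, exp: int, mod: int, trace: List[str]) -> int:
    """Montgomery ladder: one multiply and one squaring per exponent bit,
    in the same order regardless of the bit's value. Only the bit length
    of the exponent is visible in the trace."""
    r0, r1 = 1, base % mod
    for i in range(exp.bit_length() - 1, -1, -1):
        bit = (exp >> i) & 1
        r0, r1 = ct_swap(bit, r0, r1)
        r1 = (r0 * r1) % mod
        trace.append("M")
        r0 = (r0 * r0) % mod
        trace.append("S")
        r0, r1 = ct_swap(bit, r0, r1)
    return r0


def demo() -> dict:
    """Run both algorithms on two constructed 6-bit exponents and report
    whether each leaks the exponent through its operation sequence."""
    base, mod = 7, 1009            # constructed, small for readability
    exp_a, exp_b = 0b101101, 0b110010  # same bit length, different keys

    sm_trace_a: List[str] = []
    sm_trace_b: List[str] = []
    square_and_multiply(base, exp_a, mod, sm_trace_a)
    square_and_multiply(base, exp_b, mod, sm_trace_b)

    ml_trace_a: List[str] = []
    ml_trace_b: List[str] = []
    montgomery_ladder(base, exp_a, mod, ml_trace_a)
    montgomery_ladder(base, exp_b, mod, ml_trace_b)

    return {
        "square_and_multiply_leaks": sm_trace_a != sm_trace_b,
        "recovered_from_sm_trace": recover_exponent(sm_trace_a),
        "ladder_leaks": ml_trace_a != ml_trace_b,
    }


if __name__ == "__main__":
    print(demo())
```

Running the script shows the square-and-multiply traces differ for the two keys and that `recover_exponent` returns the first exponent (45) from its trace alone, while the ladder traces for both keys are identical. The ladder still reveals the exponent's bit length, and real implementations must also keep the operand addresses and the modular reduction key-independent; the swap trick shown here is the standard first step toward that.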
Nevertheless, the demonstration is one more factor public cloud customers should weigh, in an era when attacks circulating in the wild can match, and often eclipse, the sophistication of those first shown in laboratory settings.
Cloud Security News from SimplySecurity.com by Trend Micro