Page 175 - How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind
DANGERS ABOUND: SECURITY IN THE CLOUD
“visible to anyone in the cloud.” Address numbers that are
close together are often sharing the same hardware in EC2,
the Review said, so through trial and error, a snooper could try
to place one of its virtual machines on the same servers.
“It is possible to carefully monitor how access to resources
fluctuates and thereby potentially glean sensitive information
about the victim,” said the report. It didn’t make it clear what
information might be gleaned from resource use, but many
security researchers have worried that it would be possible for
one virtual machine to spy on another if it could watch the activity
of the hypervisor. All virtual machines on the same physical
server share one hypervisor, and each virtual machine’s
calls for hardware services must pass through the hypervisor.
In the same report, Eran Tromer, a postdoctoral researcher
in MIT’s Computer Science and Artificial Intelligence Laboratory,
and three colleagues from the University of California
at San Diego said that such a snooping attack was more likely
to succeed if the listener generated his virtual machines at the
same time as the target did. If a potential target company is
running its Web site in the cloud, the snooper could flood the
site with activity, prompting it to start up more virtual machines.
The attacker would then create virtual machines at the
same time and have a good prospect of landing on the same
physical server, Tromer said.
One possible use for such a position would be to “listen to”
an idle virtual machine nearby in order to sense activity on the
server when it starts up. A small spike in activity might indicate
that a user was typing a password into the virtual machine’s application.
If keystrokes within the spike could be detected by