Page 176 - How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind
MANAGEMENT STRATEGIES FOR THE CLOUD REVOLUTION
the level of activity on the server, then in some cases the timing
of the keystrokes would reveal the password, he said. That
is, certain letters are habitually struck closer together or farther
apart than others, a perhaps tenuous detection method.
But the security researchers say that it can be made to work.
Other “side-channel information” inferred from listening
techniques could reveal a great deal about a target. Tromer’s
team probed EC2 to reach its conclusions, and he was quoted
by the Review as saying, “We firmly believe these vulnerabilities
are generic to current virtualization technology and will affect
other [cloud] providers as well.” The technique where someone
seeks to map a cloud to find a target of choice is called
“cartography.”
Amazon’s spokeswoman Kay Kinton responded to these
claims. “The side channel techniques presented are based on
testing results from a carefully controlled lab environment
with configurations that do not match the actual Amazon EC2
environment. As the researchers point out, there are a number
of factors that would make such an attack significantly
more difficult in practice.” She also said that Amazon has put
safeguards in place that prevent attackers from using such
cartography techniques.
Other writers, such as Nitesh Dhanjani, writing on the
O’Reilly open source blog, OnLamp.com, say that there’s an
implicit threat in any given cloud where thousands of virtual
machines are being reproduced based on one model. He calls
it the “threat of mono-culture.” In a virtual machine mono-culture,
such as look-alike AMIs, a vulnerability contained in
one “will apply to all other instances of the same image. If an