Information Leakage in Cloud Computing
Last Updated: 2009-09-13 00:58:33 UTC
by Toby Kohlenberg (Version: 1)
An interesting paper was published this last week discussing ways of determining the physical system your VM is residing on and influencing that placement. This creates interesting potential for data leakage and discovery of information about the systems that are co-resident on the same hardware.
Yes, I know this is a small step and I'm not arguing that this alone shows that you should never use cloud computing again. However, I would argue that this is exactly the kind of attack that you need to be concerned about as more and more systems are virtualized and put into a cloud. In addition, since most people are used to not thinking about these sorts of attacks, there is a high likelihood that this will be a blind spot in the development of virtualization technology and cloud infrastructure.
The actual paper: http://cseweb.ucsd.edu/~hovav/dist/cloudsec.pdf
A nice summary article about it: http://www.computerworld.com/s/article/9137507/Researchers_find_a_new_way_to_attack_the_cloud
One of my concerns (of many) about cloud computing is if your data is stored on a shared system and someone else who also uses that system has their data subpoenaed for forensic analysis and disclosure in a court case.
There is every chance that in submitting their evidence the forensic analyst may have to submit all of the data they originally sourced, which could be the entire storage system for the shared environment.
For any organisation considering using cloud computing facilities there are a myriad of risks that should be evaluated before handing over the golden-eggs.
I did my own write-up on issues with cloud computing on my blog: http://robson.ph/blog/index.php/bensblog/it-experts-with-their-heads-in-the-cloud
Sep 13th 2009
1 decade ago