Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Information Leakage in Cloud Computing

Published: 2009-09-13
Last Updated: 2009-09-13 00:58:33 UTC
by Toby Kohlenberg (Version: 1)
1 comment(s)

An interesting paper was published this last week discussing ways of determining the physical system your VM is residing on and influencing that placement. This creates interesting potential for data leakage and discovery of information about the systems that are co-resident on the same hardware.

Yes, I know this is a small step and I'm not arguing that this alone shows that you should never use cloud computing again. However, I would argue that this is exactly the kind of attack that you need to be concerned about as more and more systems are virtualized and put into a cloud. In addition, since most people are used to not thinking about these sorts of attacks, there is a high likelihood that this will be a blind spot in the development of virtualization technology and cloud infrastructure.

The actual paper: http://cseweb.ucsd.edu/~hovav/dist/cloudsec.pdf

A nice summary article about it: http://www.computerworld.com/s/article/9137507/Researchers_find_a_new_way_to_attack_the_cloud

Keywords:
1 comment(s)
Diary Archives