New research explores cross-VM attacks in cloud computing

Soft spots in cloud computing could leave data vulnerable to attack, claims a new research paper by several computer scientists. Melodramatically titled "Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds," the paper explored various attack methods on cloud-hosted computing resources such as Microsoft's Azure and Amazon's EC2.

The highly technical paper explored many plausible attacks, which range from what it calls cross-VM information leakage--in which perpetrators attempt to estimate traffic rates coming from competitors--to stealing cryptographic keys from a target.

And while the paper focused on an environment involving the Linux operating system, it explicitly noted that the same issues should apply to other guest operating systems as well.

More chillingly, a significant chunk of the paper was devoted to various automated ways to perform network probing in order to determine actual internal location of a target site, and various ways to force the placement of an attack cloud instance near to the target. While no tool kit or actual working attacks were detailed, it would appear that security based on obscurity in the clouds will likely afford no protection before long.

For more on this story:
- check out this article at DarkReading
- download the research paper (pdf)

Related Articles:
Forrester: Greated scrutiny needed for cloud security versus traditional IT outsourcing
Cisco: Cloud computing a security nightmare
Survey: Most businesses not attending to cloud security