Amazon said today that it has taken action to mitigate security weaknesses in its cloud computing infrastructure highlighted by researchers. The report, from researchers at MIT and the University of California, described how attackers could search for, locate and attack specific targets in Amazon's Elastic Compute Cloud (EC2) because of underlying vulnerabilities in the infrastructure.
Though the attack described in the report was conducted against Amazon's infrastructure, the researchers concluded that similar targeted attacks could be carried out in other cloud services as well because the vulnerabilities were generic.
In response, Amazon spokeswoman Kay Kinton said that the report describes cloud cartography methods that could increase an attacker's probability of launching a rogue virtual machine (VM) on the same physical server as another specific target VM.
What remains unclear, however, is how exactly attackers would be able to use that presence on the same physical server to then attack the target VM.
The research paper itself described how potential attackers could use so-called "side-channel" attacks to try to steal information from a target VM. The researchers had argued that a VM sitting on the same physical server as a target VM could monitor shared resources on the server to make highly educated inferences about the target VM.
By monitoring CPU and memory cache utilization on the shared server, an attacker could determine periods of high activity on the target servers, estimate high-traffic rates and even launch keystroke timing attacks to gather passwords and other data from the target server, the researchers had noted.
Such side-channel attacks have proved highly successful in non-cloud contexts, so there's no reason why they shouldn't work in a cloud environment, the researchers postulated.
However, Kinton characterised the attack described in the report as "hypothetical," and one that would be "significantly more difficult in practice."
"The side channel techniques presented are based on testing results from a carefully controlled lab environment with configurations that do not match the actual Amazon EC2 environment," Kinton said.
"As the researchers point out, there are a number of factors that would make such an attack significantly more difficult in practice," she said.