How to Steal Data from Your Neighbor in the Cloud
November 9th, 2012
It’s not easy, but the description of the attack is pretty interesting.
Via: MIT Technology Review:
The new attack undermines one of the basic assumptions underpinning cloud computing: that a customer’s data is kept completely separate from data belonging to any other customer. This separation is supposedly provided by virtualization technology—software that mimics an instance of a physical computer system. A “virtual machine” offers a familiar system on which to install and run software, hiding the fact that, in reality, all customers are sharing the same complex warehouse-scale computer system.
Juels’s attack depends on finding ways to break that illusion. He found that, because virtual machines running on the same physical hardware share resources, the actions of one can impinge on the performance of the other. Because of this, an attacker in control of one virtual machine can snoop on data stored in memory attached to one of the processors running the cloud environment—memory that serves up recently used data to speed up future access to it—a trick known as a side-channel attack.
“Despite the fact that, in principle, it’s isolated from the victim, the attack virtual machine will catch glimpses of the behavior of the victim through a shared resource,” says Juels.
