Late last week, Technology Review carried a news article about a research paper by a group of scientists in MIT’s Computer Science and Artificial Intelligence Laboratory and their collaborators from the University of California at San Diego. These researchers conducted their studies on the Amazon EC2 ecosystem and concluded that it is vulnerable to eavesdropping and malicious VM attacks. Even though the research was conducted on Amazon’s infrastructure, it could also apply to other providers including Rackspace. The study based on a mapping process known as cartography is not a kind of threat which the naysayers of cloud computing fantasize in their dreams but it is definitely something that can be categorized as a “low level threat”.
Well, to be specific, this is not an attack that is unique to Cloud Computing per se but it applies to any ecosystem of virtual machines. This becomes interesting in the case of public clouds for the following reason(s). In the traditional in-house datacenter approach to computing, the security team had a fairly good idea of what is happening in their virtual machines and it was also “completely secured” from the outside world in the sense of a traditional enterprise security. At least from the point of view of the enterprise security beliefs, an outside attacker cannot (well, would not) use the technique described in the paper to carry out the malicious attacks. Plus, the enterprise security team had a (false) sense of confidence that they will be able to keep tab on the integrity of all the virtual machines running inside their datacenter.
When the enterprises move their computing needs from the confines of their own datacenters to public clouds,
- unlike their experience in the traditional datacenters, they lose control over their virtual machines and they, themselves, have no idea, at least theoretically, about where their virtual machines are located.
- they have no idea about the neighboring virtual machines in the server and neighboring servers in the network.
- the fact that their virtual machines are outside of the network topology means they cannot do much to improve the security and, rather, rely on the expertise of the provider.
This is clearly not something which the enterprise security team wants to tackle. Under such a scenario, if a study says that there is a 40% chance to identify the exact location of a particular virtual machine by just spending few dollars (essentially, taking advantage of the economics of public clouds) and there is a theoretical possibility to insert a rogue virtual machine to either keep a tab on what is happening on the victim VM (eaves dropping) or launch a malicious attack, it will clearly cause concern among the people who are planning to use public clouds for their computing needs. Especially, at a time when the enterprise customers are slowly warming up to the idea of losing control over their computing and trusting the public clouds, this is bound to stir up fear and confusion.
I am pretty surprised by the hand waving reaction of Amazon to this study. According to both Technology Review and Computer World, Amazon seems to have dismissed about the realistic chances of these hypothetical examples. Even though they seem to admit to the possibilities of identifying the target VM using the cartography methods, they de-emphasize the impact by saying that the paper doesn’t explain how the attackers will use the presence to attack the target VM. Come on guys, this is plain naive argument. It is equivalent to saying we do agree that thieves will enter the house but there is no clear explanation about how they will break the cupboard and pick up the teacups. If Amazon is really serious about luring the enterprise customers, it is important that they take even the “low level” threats seriously and explain to the customers and potential customers how they will mitigate the risks associated with such threats. Unless they are transparent about the security issues inside their ecosystem, we won’t be seeing large scale enterprise adoption.
If you ask the CTO of Enstratus, Mr. George Reese, they are moving in the right direction. I also hope that they are learning fast and taking steps to be more transparent. It is not just the case of Amazon, every cloud infrastructure provider should be transparent about the steps they take to protect their computing resources.