I’ve posted several notes here about some of the privacy and security implications of the trend toward “cloud computing”, in which data storage and processing are carried out, not on the user’s machine, but on servers provided by an Internet-based computing utility. In a post back in September, I talked about a new class of security vulnerabilities that had the potential to compromise cloud services run on virtual machines, if the attackers could run a virtual machine on the same physical server as their target.
These vulnerabilities exist because current virtual machine technology, for the most part, is not able to completely isolate virtual machines from one another; and, in any case, at some level the software that manages the virtual machines running on a server must know about them. It turns out that this knowledge can be used to improve security, too. A recent article in Technology Review discusses research carried out by IBM’s Watson Research Center and Zürich Research Lab, in which the researchers developed a technique they call “introspection monitoring” to try to detect malicious behavior by one or more virtual machines.
“It works by looking inside the virtual machine and trying to infer what it does. You don’t want malicious clients to give you all kinds of malware in their virtual machines that you will run in the cloud,” says Radu Sion, a computer scientist at Stony Brook University, who was not involved in the research.
In effect, the technique takes advantage of the same lack of total isolation that creates the vulnerabilities to watch for behavior that might indicate malicious activity or intent.
The research was presented at the recent ACM Cloud Computing Security Workshop, sponsored by Microsoft Research and held in conjunction with the ACM Conference on Computer and Communications Security. At this point, the actual papers do not seem to be available on the Web, but there are two slide sets from the presentation, here [PDF] and here [PDF].
The cloud computing environment does present some new security challenges and issues; but it also opens up some new possibilities in terms of detecting and preventing attacks. It’s good to see that possibility is not being neglected.