US academics develop cloud attack methodology

The methodology does not, they concede, work all the time, but it does indicate that a side channel attack is an attack vector that the cloud service providers have not yet considered or protected against.

So far the researchers have tried out their attack methodology on the Amazon EC2 cloud service, although they claim it could also be adapted for use with other cloud services.

One solution to this structural weakness is for customers to insist that the service provider place their virtual machines on physical machines that only they can access, or that only they and trusted third parties can access.

This solution, say the researchers, is likely to raise the price of the service and may not be available from all cloud service providers.

In their analysis of the side channel attack methodology, the researchers note that their approach does not mean that all cloud services are insecure and should not be used.

Steve Mansfield-Devine, an IT security professional with Webviviant, told Infosecurity that the modus operandi used by the researchers is viable and harks back to the early days of online data storage services in the late 1980s.

"Back then, when hard disks were still quite expensive, users of X.25 data services used to rent space on central servers - often available on university computers connected to the Arpanet - and there were similar security issues with multiple users sharing space on a single server environment," he said.

"It's worth noting that, if cloud hackers were to use a pre-paid debit card and a mobile broadband dongle, or access the internet via an internet cafe, their data sessions in the cloud would be all but untraceable," he added.
