News
Technology | DOI:10.1145/1839676.1839683 | Gary Anthes
Security in the Cloud
Cloud computing offers many advantages, but also involves security
risks. Fortunately, researchers are devising some ingenious solutions.
"Computing may some day be organized as a public utility, just as the telephone system is a public utility," Massachusetts Institute of Technology (MIT) computer science pioneer John McCarthy noted in 1961. We aren't quite there yet, but cloud computing brings us close. Clouds are all the rage today, promising convenience, elasticity, transparency, and economy. But with the many benefits come thorny issues of security and privacy.

The history of computing since the 1960s can be viewed as a continuous move toward ever greater specialization and distribution of computing resources. First we had mainframes, and security was fairly simple. Then we added minicomputers and desktop and laptop computers and client-server models, and it got more complicated. These computing paradigms gave way in turn to n-tier and grid computing and to various types of virtualization. As hardware infrastructures grew more complicated and fragmented, so did the distribution of software and data. There seemed no end to the ways that users could split up their computing resources, and no end to the security problems that arose as a result. Part of the problem has been one of moving targets—just as one computing paradigm seemed solid, a new, more attractive one beckoned.

In a sense, cloud computing simplifies security issues for users by outsourcing them to another party, one that is presumed to be highly skilled at dealing with them. Cloud users may think they don't have to worry about the security of their software and data anymore, because they're in expert hands.

But such complacency is a mistake, say researchers at Hewlett-Packard (HP) Laboratories in Bristol, U.K. They are prototyping Cells as a Service, by which they hope to automate security management in the cloud. A cell, managed as a single administrative domain using common security policies, contains a bundle of virtual machines, storage volumes, and networks running across multiple physical machines. Around the cells HP inserts various sensors, detectors, and mitigators that look for viruses, intrusions, and other suspicious behavior. Virtualization enables these agents to be very close to the action without being part of it or observed by it, according to HP.

"People often think of virtualization as adding to security problems, but it is fundamentally the answer to a lot of those problems," says Martin Sadler, director of HP's Systems Security Lab. "You can do all sorts of things you can't do when these things are physical machines." For example, the sensors can watch CPU activity, I/O patterns, and memory usage and, based on models of past behavior, recognize suspicious activity. They can also assess the probability of certain events happening and take action accordingly. They might, for instance, throttle back the CPU, stop all I/O to a virtual machine (VM), or take a clone of the VM and move it elsewhere for evaluation. Agents could be deployed by cloud users, cloud service providers, or third parties such as a virus protection company, Sadler says.

But these agents introduce their own management challenges. There might be as many as 30 agents, interacting in various ways and with varying drains on system resources. HP Labs is developing analytic tools that can generate playbooks that script system behavior. These templates, tailorable by users, employ cost/benefit analyses and reflect what is most important to users and what cost they are willing to bear for various types of protection.

Photo: Cloud computing simplifies security issues for users by outsourcing them to companies such as Microsoft, which recently opened a $550 million data center in Chicago. (Photograph used with permission from Microsoft.)
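The sensor-plus-playbook idea described above, as an added example. This is not HP Labs' Cells as a Service code; it stands in for the "models of past behavior" with a simple per-metric mean and standard deviation, scores fresh CPU, I/O and memory samples as z-scores, and lets a user-tailored playbook decide how costly a response the evidence justifies. The metric names, thresholds, playbook entries and all telemetry are constructed for the example.

```python
"""Baseline-and-deviation detector for VM telemetry, with a playbook.

Added example; not HP Labs' Cells as a Service code. It models the idea in
the text: learn what a VM's CPU, I/O and memory usage normally look like,
score new samples against that history, and let a user-tailored playbook
decide how much response the evidence justifies (log, throttle the CPU,
stop I/O, or clone the VM for analysis). All telemetry is constructed.
"""
from statistics import mean, pstdev

METRICS = ("cpu_pct", "io_ops", "mem_mb")

# Constructed history: a week of hourly samples from a quiet web VM.
BASELINE_SAMPLES = [
    {"cpu_pct": 20 + i % 7, "io_ops": 300 + 10 * (i % 5), "mem_mb": 1024 + 4 * (i % 3)}
    for i in range(168)
]

# Playbook: escalating responses ordered by their cost to the workload.
# The thresholds a user accepts are the "cost they are willing to bear".
PLAYBOOK = {
    "observe": "log only",
    "throttle": "throttle back the CPU",
    "isolate": "stop all I/O to the VM",
    "quarantine": "clone the VM and move the clone elsewhere for evaluation",
}


def learn_baseline(samples):
    """Per-metric (mean, stddev) of past behaviour; the model of 'normal'."""
    baseline = {}
    for m in METRICS:
        values = [s[m] for s in samples]
        sd = pstdev(values)
        baseline[m] = (mean(values), sd if sd > 0 else 1e-9)  # avoid divide-by-zero
    return baseline


def score_sample(sample, baseline):
    """z-score of each metric: how many stddevs from its historical mean."""
    return {m: (sample[m] - baseline[m][0]) / baseline[m][1] for m in METRICS}


def choose_action(zscores, threshold=4.0):
    """Map evidence to a playbook entry.

    One metric out of band buys the cheapest response; two cut off I/O;
    all three get the VM cloned for offline analysis. Returns the action
    and the metrics that triggered it.
    """
    anomalous = [m for m, z in zscores.items() if abs(z) > threshold]
    if not anomalous:
        return "observe", anomalous
    if len(anomalous) == 1:
        return "throttle", anomalous
    if len(anomalous) == 2:
        return "isolate", anomalous
    return "quarantine", anomalous


def evaluate(sample, baseline, threshold=4.0):
    """Score one telemetry sample and return (action, anomalous_metrics)."""
    return choose_action(score_sample(sample, baseline), threshold)


if __name__ == "__main__":
    base = learn_baseline(BASELINE_SAMPLES)
    # Constructed observations: normal, a CPU spike, then a burst on everything.
    for obs in ({"cpu_pct": 23, "io_ops": 320, "mem_mb": 1028},
                {"cpu_pct": 95, "io_ops": 310, "mem_mb": 1030},
                {"cpu_pct": 99, "io_ops": 9000, "mem_mb": 3900}):
        action, why = evaluate(obs, base)
        print(f"{obs} -> {action}: {PLAYBOOK[action]} (triggered by {why})")
```

The split between `evaluate` (detection) and `PLAYBOOK` (response) is the point: the same evidence can map to cheaper or costlier actions depending on what the user is willing to pay, which is what HP's tailorable templates are for. A z-score over a narrow baseline is the simplest possible behavior model and will misfire on legitimate load changes; a deployment would tune the threshold per VM and account for the agents' own resource drain, which the text notes becomes a management problem at dozens of agents per host.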
16 | Communications of the ACM | November 2010 | Vol. 53 | No. 11
Virtual Machine Introspection
IBM Research is pursuing a similar approach called "virtual machine introspection." It puts security inside a protected VM running on the same physical machine as the guest VMs running in the cloud. The security VM employs a number of protective methods, including the whitelisting and blacklisting of guest kernel functions. It can determine the operating system and version of the guest VM and can start monitoring a VM without any beginning assumption of its running state or integrity.

Instead of running 50 virus scanners on a machine with 50 guest VMs, virtual machine introspection uses just one, which is much more efficient, says Matthias Schunter, a researcher at IBM Research's Zurich lab. "Another big advantage is the VM can't do anything against the virus scan since it's not aware it's being scanned," he says.

Another variation, called "lie detection," puts a tiny piece of software inside the VM to look at the list of running processes as seen by the user. Introspection software outside the VM can reliably determine all the processes actually running on the VM; if there is any difference between the two lists, some malware, such as a rootkit, is suspected of running on the VM.

Looking from both within the VM and without, the lie detector can also compare the lists of files on disk, the views of open sockets, the lists of loaded kernel modules, and so on. "Each of these lie tests improves the chances of detecting potential malware, but none of them can prove that no malware exists," says IBM researcher Klaus Julisch.
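The lie-detection check described above, as an added example. This is not IBM Research's introspection code: it takes the view an in-guest agent reports (which a rootkit can filter) and the view reconstructed from outside the VM, diffs them category by category (processes, kernel modules, sockets), and treats any difference as evidence of hidden malware. Both views are constructed sample data rather than the output of a real introspection tool, and the category names and the hidden entries are assumptions for the demo.

```python
"""Cross-view "lie detection" for a guest VM.

Added example, not IBM Research's code. It implements the check the text
describes: take the view an in-guest agent reports (which a rootkit can
filter) and the view introspection code reconstructs from outside the VM,
and treat any difference as evidence of hidden malware. The two views
below are constructed sample data, not output of a real introspection tool.
"""

# Constructed in-guest view: what ps, lsmod and netstat report inside the VM.
GUEST_VIEW = {
    "processes": {(1, "init"), (412, "sshd"), (987, "nginx"), (1203, "bash")},
    "modules": {"ext4", "e1000", "ipv6"},
    "sockets": {("tcp", 22), ("tcp", 80)},
}

# Constructed introspection view walked from guest memory by the security VM.
# The backdoor process, its kernel module and its listener are all absent
# from the in-guest view: a rootkit is filtering what the guest tools see.
HYPERVISOR_VIEW = {
    "processes": GUEST_VIEW["processes"] | {(2049, "backdoor")},
    "modules": GUEST_VIEW["modules"] | {"hidemod"},
    "sockets": GUEST_VIEW["sockets"] | {("tcp", 4444)},
}


def lie_test(category, guest, hypervisor):
    """One lie test: diff a single category of the two views.

    hidden_from_guest: present outside, missing inside -> classic rootkit hiding.
    only_in_guest:     claimed inside, absent outside -> the in-guest agent is
                       lying, or its snapshot is stale; either way, investigate.
    """
    g, h = set(guest[category]), set(hypervisor[category])
    return {
        "hidden_from_guest": sorted(h - g),
        "only_in_guest": sorted(g - h),
    }


def run_lie_detector(guest, hypervisor):
    """Run every lie test; return (suspicious, findings_by_category).

    A clean result is not proof of a clean VM: malware that shows the same
    thing to both views, or hides in a category not compared here, passes.
    """
    findings = {c: lie_test(c, guest, hypervisor) for c in guest}
    suspicious = any(f["hidden_from_guest"] or f["only_in_guest"]
                     for f in findings.values())
    return suspicious, findings


if __name__ == "__main__":
    flagged, report = run_lie_detector(GUEST_VIEW, HYPERVISOR_VIEW)
    print("suspicious:", flagged)
    for category, diff in report.items():
        print(f"  {category}: {diff}")
```

Two practical points follow from the code. First, the two views must be captured at the same instant, otherwise a process that exits between the in-guest read and the memory walk shows up as `only_in_guest` and produces a false alarm; real introspection tools pause the guest or snapshot its memory for this reason. Second, as Julisch says, a clean diff proves nothing: the check only catches malware that lies to the guest but not to the hypervisor, and only in the categories compared.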
In a third application, a virtual intrusion detection system runs inside the physical machine to monitor traffic among the guest VMs. The virtual networks hidden inside a physical machine are not visible to conventional detectors because the detectors usually reside in a separate machine, Schunter says.

Indeed, snooping between VMs inside a machine was shown to be a real possibility by researchers last year. Computer scientists Thomas Ristenpart, Hovav Shacham, and Stefan Savage at the University of California, San Diego and Eran Tromer at MIT proved it was possible for an adversary to get his or her VM co-located with a target's VM on a cloud's physical machine 40% of the time. In a paper, "Hey, You, Get Off of My Cloud," they showed how the adversary could launch a side-channel attack based on the VM's sharing of physical resources such as CPU data caches. The researchers also outlined a number of mitigation steps, but concluded the only practical and foolproof protection is for cloud users to require that their VMs run on dedicated machines, which is potentially a costly solution.

Difficulties With Encryption
Encryption is sometimes seen as the ultimate security measure, but it also presents difficulties in the cloud. At present, processing encrypted data means downloading it and decrypting it for local use and then possibly uploading the results, which is a cumbersome and costly process.

The ability to process encrypted data in place has been a dream of cryptographers for years, but it is now demonstrating some progress. Last year, Craig Gentry, first at Stanford University and then at IBM Research, proved it is possible to perform certain operations on data without first decrypting it. The technique, called "fully homomorphic encryption," was hailed as a conceptual breakthrough, but is so computationally demanding that practical applications are years away, experts say.

Meanwhile, the more limited ability to search encrypted data is closer to reality. In "Cryptographic Cloud Stor-

Society
Pew Report on Mobile Apps
Although a greater number of adults are turning to mobile phones to text and access the Internet, age and gender differences exist, according to a report by Pew Research Center's Internet & American Life Project and The Nielsen Company.

The report, titled The Rise of Apps Culture, found that 35% of U.S. adults have software applications or apps on their phones, yet only 24% of adults use those apps. Overall, today's apps culture—essentially born a couple of years ago with the introduction of Apple's iPhone—is predominantly male, younger, and more affluent.

Eighteen to 29-year-olds comprise only 23% of the U.S. adult population but constitute 44% of the apps-using population. By contrast, 41% of the adult population is age 50 and older but this group makes up just 14% of apps users. Younger adopters also use apps, including games and social media, more frequently.

Gender differences were also apparent. Women are more likely to rely on social networking apps such as Facebook and Twitter while men are inclined to use productivity and financial apps. Nevertheless, adoption is growing rapidly. The Nielsen Company found that the average number of apps on a smartphone has swelled from 22 in December 2009 to 27 today. Not surprisingly, iPhone owners top the list with an average of 40 apps, while Android users claim 25 and BlackBerry owners 14.

The next few years will likely usher in dramatic changes. "Every metric we capture shows a widening embrace of all kinds of apps by a widening population," states Roger Entner, coauthor of the report and senior vice president at Nielsen. "It's … not too early to say that this is an important new part of the technology world."
—Samuel Greengard
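Returning to the homomorphic encryption passage in the main article: the following is an added example of processing encrypted data in place, and it is neither Gentry's scheme nor code from IBM or the article. It implements Paillier (1999), the older, additively homomorphic case that is already practical: a party holding only the public key can add two encrypted integers, or multiply one by a plaintext constant, without decrypting. What Gentry added is multiplication of two ciphertexts, which Paillier cannot do; that is the "fully" in fully homomorphic. The primes `P` and `Q` are toy values chosen so the demo runs instantly, and the sales figures are constructed.

```python
"""Additively homomorphic encryption (Paillier, 1999) as an added example.

This is not Gentry's fully homomorphic scheme and not code from the article
or from IBM. It shows the narrower, older case that is already practical:
a party holding only the public key (the "cloud") can add two encrypted
integers, or multiply one by a plaintext constant, without ever decrypting.
Fully homomorphic encryption adds multiplication of two ciphertexts, which
Paillier cannot do. P and Q are toy primes chosen so the demo runs instantly;
a real deployment needs primes of around 1024 bits each.
"""
from math import gcd
from secrets import randbelow

# Toy primes for the demo (assumption; far too small for real use).
P, Q = 10007, 10009


def keygen(p=P, q=Q):
    """Return (public, private) keys: public (n, g), private (lam, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p - 1, q - 1)
    g = n + 1                                      # standard simple generator
    mu = pow(lam, -1, n)                           # lam^-1 mod n; valid for g = n + 1
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """Client side. Randomised: two encryptions of the same m differ."""
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:
        r = randbelow(n - 1) + 1          # r in [1, n-1]
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """Client side: m = L(c^lam mod n^2) * mu mod n, with L(u) = (u - 1) / n."""
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n


def add_encrypted(pub, c1, c2):
    """Cloud side: E(m1) * E(m2) mod n^2 decrypts to m1 + m2 (mod n)."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """Cloud side: E(m)^k mod n^2 decrypts to k * m (mod n)."""
    n, _ = pub
    return pow(c, k, n * n)


def cloud_weighted_sum(pub, ciphertexts, weights):
    """Cloud side: sum(w_i * m_i) computed entirely on ciphertexts."""
    n, _ = pub
    acc = 1                               # E(0) with r = 1; identity for addition
    for c, w in zip(ciphertexts, weights):
        acc = add_encrypted(pub, acc, scale_encrypted(pub, c, w))
    return acc


if __name__ == "__main__":
    pub, priv = keygen()
    # Constructed data: per-region sales figures, encrypted before upload.
    sales = [120, 450, 310]
    uploaded = [encrypt(pub, s) for s in sales]
    # The cloud totals them with weights it is told, never seeing the figures.
    total_ct = cloud_weighted_sum(pub, uploaded, [1, 1, 1])
    print("cloud never learned the figures; decrypted total =", decrypt(pub, priv, total_ct))
```

Two caveats a practitioner should carry away. Arithmetic is modulo `n`, so sums that overflow `n` wrap silently; with real-sized primes that is not a concern, but with the toy values here it is. And the property that makes the scheme useful, that anyone can transform a ciphertext into another valid one, also means the cloud can alter results undetectably, so integrity of stored ciphertexts and of the computation has to be protected separately, for example by signing what is uploaded and what comes back.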