news

Technology | DOI:10.1145/1839676.1839683 | Gary Anthes

Communications of the ACM | November 2010 | Vol. 53 | No. 11

Security in the Cloud

Cloud computing offers many advantages, but also involves security risks. Fortunately, researchers are devising some ingenious solutions.

Photo caption: Cloud computing simplifies security issues for users by outsourcing them to companies such as Microsoft, which recently opened a $550 million data center in Chicago. Photograph used with permission from Microsoft.

“Computing may someday be organized as a public utility, just as the telephone system is a public utility,” Massachusetts Institute of Technology (MIT) computer science pioneer John McCarthy noted in 1961.

We aren’t quite there yet, but cloud computing brings us close. Clouds are all the rage today, promising convenience, elasticity, transparency, and economy. But with the many benefits come thorny issues of security and privacy.

The history of computing since the 1960s can be viewed as a continuous move toward ever greater specialization and distribution of computing resources. First we had mainframes, and security was fairly simple. Then we added minicomputers and desktop and laptop computers and client-server models, and it got more complicated. These computing paradigms gave way in turn to n-tier and grid computing and to various types of virtualization.

As hardware infrastructures grew more complicated and fragmented, so did the distribution of software and data. There seemed no end to the ways that users could split up their computing resources, and no end to the security problems that arose as a result. Part of the problem has been one of moving targets—just as one computing paradigm seemed solid, a new, more attractive one beckoned.

In a sense, cloud computing simplifies security issues for users by outsourcing them to another party, one that is presumed to be highly skilled at dealing with them. Cloud users may think they don’t have to worry about the security of their software and data anymore, because they’re in expert hands.

But such complacency is a mistake, say researchers at Hewlett-Packard (HP) Laboratories in Bristol, U.K. They are prototyping Cells as a Service, by which they hope to automate security management in the cloud. A cell, managed as a single administrative domain using common security policies, contains a bundle of virtual machines, storage volumes, and networks running across multiple physical machines. Around the cells HP inserts various sensors, detectors, and mitigators that look for viruses, intrusions, and other suspicious behavior. Virtualization enables these agents to be very close to the action without being part of it or observed by it, according to HP.

“People often think of virtualization as adding to security problems, but it is fundamentally the answer to a lot of those problems,” says Martin Sadler, director of HP’s Systems Security Lab. “You can do all sorts of things you can’t do when these things are physical machines.” For example, the sensors can watch CPU activity, I/O patterns, and memory usage and, based on models of past behavior, recognize suspicious activity. They can also assess the probability of certain events happening and take action accordingly. They might, for instance, throttle back the CPU, stop all I/O to a virtual machine (VM), or take a clone of the VM and move it elsewhere for evaluation. Agents could be deployed by cloud users, cloud service providers, or third parties such as a virus protection company, Sadler says.

But these agents introduce their own management challenges. There might be as many as 30 agents, interacting in various ways and with varying drains on system resources. HP Labs is developing analytic tools that can generate playbooks that script system behavior. These templates, tailorable by users, employ cost/benefit analyses and reflect what is most important to users and what cost they are willing to bear for various types of protection.

Virtual Machine Introspection

IBM Research is pursuing a similar approach called “virtual machine introspection.” It puts security inside a protected VM running on the same physical machine as the guest VMs running in the cloud. The security VM employs a number of protective methods, including the whitelisting and blacklisting of guest kernel functions. It can determine the operating system and version of the guest VM and can start monitoring a VM without any beginning assumption of its running state or integrity.

Instead of running 50 virus scanners on a machine with 50 guest VMs, virtual machine introspection uses just one, which is much more efficient, says Matthias Schunter, a researcher at IBM Research’s Zurich lab. “Another big advantage is the VM can’t do anything against the virus scan since it’s not aware it’s being scanned,” he says.

Another variation, called “lie detection,” puts a tiny piece of software inside the VM to look at the list of running processes as seen by the user. Introspection software outside the VM can reliably determine all the processes actually running on the VM; if there is any difference between the two lists, some malware, such as a rootkit, is suspected of running on the VM.

Looking from both within the VM and without, the lie detector can also compare the lists of files on disk, the views of open sockets, the lists of loaded kernel modules, and so on. “Each of these lie tests improves the chances of detecting potential malware, but none of them can prove that no malware exists,” says IBM researcher Klaus Julisch.

In a third application, a virtual intrusion detection system runs inside the physical machine to monitor traffic among the guest VMs. The virtual networks hidden inside a physical machine are not visible to conventional detectors because the detectors usually reside in a separate machine, Schunter says.

Indeed, snooping between VMs inside a machine was shown to be a real possibility by researchers last year. Computer scientists Thomas Ristenpart, Hovav Shacham, and Stefan Savage at the University of California, San Diego and Eran Tromer at MIT proved it was possible for an adversary to get his or her VM co-located with a target’s VM on a cloud’s physical machine 40% of the time. In a paper, “Hey, You, Get Off of My Cloud,” they showed how the adversary could launch a side-channel attack based on the VM’s sharing of physical resources such as CPU data caches. The researchers also outlined a number of mitigation steps, but concluded the only practical and foolproof protection is for cloud users to require that their VMs run on dedicated machines, which is potentially a costly solution.

Difficulties With Encryption

Encryption is sometimes seen as the ultimate security measure, but it also presents difficulties in the cloud. At present, processing encrypted data means downloading it and decrypting it for local use and then possibly uploading the results, which is a cumbersome and costly process.

The ability to process encrypted data in place has been a dream of cryptographers for years, but it is now demonstrating some progress. Last year, Craig Gentry, first at Stanford University and then at IBM Research, proved it is possible to perform certain operations on data without first decrypting it. The technique, called “fully homomorphic encryption,” was hailed as a conceptual breakthrough, but is so computationally demanding that practical applications are years away, experts say.

Meanwhile, the more limited ability to search encrypted data is closer to reality. In “Cryptographic Cloud Storage,” a paper published earlier this year, researchers Seny Kamara and Kristin Lauter of Microsoft Research described a virtual private storage service that aims to provide the security of a private cloud and the cost savings of a public cloud. Data in the cloud remains encrypted, and hence protected from the cloud provider, court subpoenas, and the like. Users index their data, then upload the data and the index, which are both encrypted, to the cloud. As needed, users can generate tokens and credentials that control who has access to what data.

Given a token for a keyword, an authorized user can retrieve pointers to the encrypted files that contain the keyword, and then search for and download the desired data in encrypted form. Unauthorized observers can’t know anything useful about the files or the keywords.

The experimental Microsoft service also offers users “proof of storage,” a protocol by which a server can prove to a client that it did not tamper with its encrypted data. The client encodes the data before uploading it and can verify the data’s integrity at will.

Not all cloud security risks arise from technology, says Radu Sion, a computer science professor at Stony Brook University. There is scant legal or regulatory framework, and few precedents, to deal with issues of liability among the parties in cloud arrangements, he notes. “What happens when your data is on a server in China but you outsourced to a cloud service in New York?” asks Sion. “Or what if you have the legal resources to fight a subpoena for your data, but they subpoena your cloud provider instead? You will be under scrutiny for moving to the cloud by your shareholders and everyone else.”

Nevertheless, Sion says all but the most sophisticated enterprises will be safer putting their computing resources in the expert hands of one of the major cloud providers. “Companies like Google and Amazon and Microsoft have hundreds of people devoted to security,” he says. “How many do you have?”

Further Reading

Christodorescu, M., Sailer, R., Schales, D., Sgandurra, D., and Zamboni, D.
Cloud security is not (just) virtualization security, Proceedings of the 2009 ACM Workshop on Cloud Computing Security, Chicago, IL, Nov. 13, 2009.

Gentry, C.
Fully homomorphic encryption using ideal lattices, Proceedings of the 41st Annual ACM Symposium on Theory of Computing, Bethesda, MD, May 31–June 2, 2009.

Kamara, S. and Lauter, K.
Cryptographic cloud storage, Proceedings of Financial Cryptography: Workshop on Real-Life Cryptographic Protocols and Standardization, Tenerife, Canary Islands, Spain, January 25–28, 2010.

Ristenpart, T., Tromer, E., Shacham, H., and Savage, S.
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL, Nov. 9–13, 2009.

Shi, E., Bethencourt, J., Chan, T-H., Song, D., and Perrig, A.
Multi-dimensional range query over encrypted data, Computer Science Technical Report CMU-CS-06-135R, Carnegie Mellon University, March 2007.

Gary Anthes is a technology writer and editor based in Arlington, VA.

© 2010 ACM 0001-0782/10/1100 $10.00

Society

Pew Report on Mobile Apps

Although a greater number of adults are turning to mobile phones to text and access the Internet, age and gender differences exist, according to a report by Pew Research Center’s Internet & American Life Project and The Nielsen Company.

The report, titled The Rise of Apps Culture, found that 35% of U.S. adults have software applications or apps on their phones, yet only 24% of adults use those apps. Overall, today’s apps culture—essentially born a couple of years ago with the introduction of Apple’s iPhone—is predominantly male, younger, and more affluent.

Eighteen to 29-year-olds comprise only 23% of the U.S. adult population but constitute 44% of the apps-using population. By contrast, 41% of the adult population is age 50 and older but this group makes up just 14% of apps users. Younger adopters also use apps, including games and social media, more frequently.

Gender differences were also apparent. Women are more likely to rely on social networking apps such as Facebook and Twitter while men are inclined to use productivity and financial apps.

Nevertheless, adoption is growing rapidly. The Nielsen Company found that the average number of apps on a smartphone has swelled from 22 in December 2009 to 27 today. Not surprisingly, iPhone owners top the list with an average of 40 apps, while Android users claim 25 and BlackBerry owners 14.

The next few years will likely usher in dramatic changes. “Every metric we capture shows a widening embrace of all kinds of apps by a widening population,” states Roger Entner, coauthor of the report and senior vice president at Nielsen. “It’s … not too early to say that this is an important new part of the technology world.”

—Samuel Greengard
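The “lie detection” comparison described under Virtual Machine Introspection in the main article, as an added example (not code from the article or from IBM's system): it diffs an in-guest report against an outside view across several categories and flags only items that stay hidden over consecutive samples, because the two snapshots are never taken at the same instant. The view format, function names, and sample data are constructed assumptions.

```python
"""Cross-view "lie detection": compare what an in-guest agent reports with
what introspection from outside the VM observes. All data is constructed."""
from collections import defaultdict

CATEGORIES = ("processes", "kernel_modules", "open_sockets", "files")


def lie_test(guest_view, vmi_view):
    """Return {category: {"hidden": set, "phantom": set}} for one sample.

    hidden  = seen from outside the VM but missing from the guest's own report
    phantom = reported by the guest but not observed from outside
    """
    findings = {}
    for cat in CATEGORIES:
        inside = set(guest_view.get(cat, ()))
        outside = set(vmi_view.get(cat, ()))
        hidden, phantom = outside - inside, inside - outside
        if hidden or phantom:
            findings[cat] = {"hidden": hidden, "phantom": phantom}
    return findings


def persistent_hidden(samples, min_consecutive=2):
    """Keep only items hidden in at least `min_consecutive` samples in a row.

    A process that starts or exits between the inside and outside snapshots
    produces a one-off mismatch; requiring persistence filters that noise.
    An empty result means no test fired, not that the guest is clean.
    """
    streak = defaultdict(int)
    flagged = defaultdict(set)
    for guest_view, vmi_view in samples:
        findings = lie_test(guest_view, vmi_view)
        current = {(cat, item)
                   for cat, f in findings.items() for item in f["hidden"]}
        for key in list(streak):          # reset streaks that were broken
            if key not in current:
                del streak[key]
        for cat, item in current:
            streak[(cat, item)] += 1
            if streak[(cat, item)] >= min_consecutive:
                flagged[cat].add(item)
    return dict(flagged)


# --- constructed sample data -------------------------------------------------
BASE = {
    "processes": {(1, "init"), (612, "sshd"), (801, "nginx")},
    "kernel_modules": {"ext4", "e1000"},
    "open_sockets": {("tcp", 22), ("tcp", 443)},
    "files": {"/etc/passwd", "/usr/sbin/sshd"},
}


def view(**extra):
    """Copy of BASE with extra items added per category."""
    return {cat: set(BASE[cat]) | set(extra.get(cat, ())) for cat in CATEGORIES}


# Items the outside view sees but the guest never reports (hypothetical names).
CONCEALED = {
    "processes": {(4242, "kworker_x")},
    "kernel_modules": {"hidemod"},
    "open_sockets": {("tcp", 31337)},
}
# Sample 1 also contains a short-lived process that started between snapshots.
FIRST = dict(CONCEALED, processes=CONCEALED["processes"] | {(5001, "logrotate")})
SAMPLES = [(view(), view(**FIRST)), (view(), view(**CONCEALED)),
           (view(), view(**CONCEALED))]

if __name__ == "__main__":
    for cat, items in sorted(persistent_hidden(SAMPLES).items()):
        print(f"{cat}: hidden from guest view -> {sorted(items)}")
```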
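The keyword-token lookup described under Difficulties With Encryption in the main article, as an added example (a generic HMAC-based searchable index written for this page, not the construction from the Kamara and Lauter paper): the client builds an encrypted index, hands out per-keyword tokens, and the server resolves a token to file pointers without seeing the keyword. An HMAC-SHA256 keystream stands in for a real authenticated cipher, file contents are treated as separately encrypted blobs, and the key, names, and documents are constructed.

```python
"""Encrypted keyword index with per-keyword search tokens (constructed demo)."""
import hashlib
import hmac
import json
import os
import re


def prf(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 used as a pseudorandom function."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-derived keystream (stand-in for a real cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = prf(key, nonce + (i // 32).to_bytes(4, "big"))
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def make_token(index_key: bytes, keyword: str) -> bytes:
    """Client side: derive the search token for one keyword."""
    return prf(index_key, b"token|" + keyword.lower().encode())


def build_index(index_key: bytes, docs: dict) -> dict:
    """Client side: map each keyword to an encrypted list of file pointers.

    The server stores only pseudorandom labels and ciphertext; neither the
    keywords nor the pointers appear in the clear.
    """
    postings = {}
    for file_id, text in docs.items():
        for word in set(re.findall(r"[a-z0-9]+", text.lower())):
            postings.setdefault(word, []).append(file_id)
    index = {}
    for word, ids in postings.items():
        token = make_token(index_key, word)
        nonce = os.urandom(16)
        ct = _xor_stream(prf(token, b"enc"), nonce,
                         json.dumps(sorted(ids)).encode())
        tag = prf(prf(token, b"mac"), nonce + ct)
        index[prf(token, b"label").hex()] = (nonce, ct, tag)
    return index


def server_search(index: dict, token: bytes) -> list:
    """Server side: resolve a token to file pointers.

    Whoever holds the token learns which files match it (the access pattern),
    but not the keyword and nothing about entries for other keywords.
    """
    entry = index.get(prf(token, b"label").hex())
    if entry is None:
        return []
    nonce, ct, tag = entry
    if not hmac.compare_digest(tag, prf(prf(token, b"mac"), nonce + ct)):
        raise ValueError("index entry failed authentication")
    return json.loads(_xor_stream(prf(token, b"enc"), nonce, ct))


# --- constructed sample data -------------------------------------------------
KEY = bytes(range(32))                      # demo key; use os.urandom(32) in practice
DOCS = {
    "f-001": "Q3 merger term sheet draft",
    "f-002": "Payroll export for Q3",
    "f-003": "Merger press release",
}
INDEX = build_index(KEY, DOCS)

if __name__ == "__main__":
    for kw in ("merger", "q3", "salary"):
        print(kw, "->", server_search(INDEX, make_token(KEY, kw)))
```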




Distributed Computing

Math at Web Speed

“Many hands make light work,” goes the old adage. Now there’s data to prove it.

In recent weeks, both Yahoo! and Google have announced the results of separate mathematical experiments that demonstrate the computational power of large clusters of networked PCs.

At Yahoo!, a team led by researcher Tsz-Wo Sze broke the world record for calculating the digits of pi, crunching the famously irrational number to the two-quadrillionth bit by stitching together more than 1,000 computers to complete the calculation over a 23-day period. The researchers estimate that a typical computer would have taken at least 500 years to carry out the same operation.

Another group of researchers recently took advantage of Google’s distributed computing infrastructure to tackle another famously thorny computational challenge: Rubik’s Cube. The team developed an algorithm capable of solving any Rubik’s Cube configuration in 20 moves or less, resolving a conundrum that has puzzled mathematicians for three decades. The computers simulated all 43 quintillion possible combinations of the cube in just a few weeks, a task the researchers estimate would have taken a single computer 35 years.

Google has yet to release the details of its technical solution, but it probably bears some resemblance to the approach used at Yahoo!, where the team used Apache Hadoop, open-source software originally developed at Google (and later developed extensively by Yahoo!) that allows developers to stitch together thousands of computers over the network into a powerful cloud computer.

“We believe that our Hadoop clusters are already more powerful than many other supercomputers,” says Sze, who conceived of the project as part of an internal Yahoo! contest to demonstrate the capabilities of Hadoop.

In both cases, the mathematical problems proved particularly well-suited to distributed computing because the calculations can be parceled out over the network into much smaller operations, capable of running on a standard-issue PC. Making light work indeed.

—Alex Wright

also offers users “proof of storage,” a when your data is on a server in China hey, you, get off of my cloud: exploring information leakage in third-party protocol by which a server can prove to but you outsourced to a cloud service compute clouds, Proceedings of the a client that it did not tamper with its in New York?” asks Sion. “Or what if 16th ACM Conference on Computer and encrypted data. The client encodes the you have the legal resources to fight a Communications Security, Chicago, IL, data before uploading it and can verify subpoena for your data, but they sub- nov. 9–13, 2009. the data’s integrity at will. poena your cloud provider instead? Shi, E., Bethencourt, J., Chan, T-H., Song, D., Not all cloud security risks arise You will be under scrutiny for moving and Perrig, A. from technology, says Radu Sion, a to the cloud by your shareholders and Multi-dimensional range query over encrypted data, Computer Science computer science professor at Stony everyone else.” Technical Report CMU-CS-06-135R, Brook University. There is scant le- Nevertheless, Sion says all but the Carnegie Mellon University, March 2007. gal or regulatory framework, and few most sophisticated enterprises will precedents, to deal with issues of li- be safer putting their computing re- Gary Anthes is a technology writer and editor based in arlington, Va. ability among the parties in cloud ar- sources in the expert hands of one of rangements, he notes. “What happens the major cloud providers. “Compa- © 2010 acm 0001-0782/10/1100 $10.00 Distributed Computing Math at Web Speed “Many hands make light work,” The researchers estimate that possible combinations of the “We believe that our hadoop goes the old adage. Now there’s a typical computer would have cube in just a few weeks, a task clusters are already more data to prove it. taken at least 500 years to carry the researchers estimate would powerful than many other In recent weeks, both yahoo! out the same operation. 
have taken a single computer supercomputers,” says Sze, who and google have announced the another group of researchers 35 years. conceived of the project as part results of separate mathematical recently took advantage of google has yet to release the of an internal yahoo! contest to experiments that demonstrate google’s distributed computing details of its technical solution, demonstrate the capabilities of the computational power of large infrastructure to tackle another but it probably bears some hadoop. clusters of networked PCs. famously thorny computational resemblance to the approach In both cases, the at yahoo!, a team led by challenge: rubik’s Cube. The used at yahoo!, where the team mathematical problems proved researcher Tsz-Wo Sze broke team developed an algorithm used apache hadoop, open- particularly well-suited to the world record for calculating capable of solving any rubik’s source software originally distributed computing because the digits of pi, crunching the Cube configuration in 20 developed at google (and later the calculations can be parceled famously irrational number moves or less, resolving a developed extensively by yahoo!) out over the network into much to the two-quadrillionth bit by conundrum that has puzzled that allows developers to stitch smaller operations, capable of stitching together more than mathematicians for three together thousands of computers running on a standard-issue PC. 1,000 computers to complete the decades. The computers over the network into a powerful Making light work indeed. calculation over a 23-day period. simulated all 43 quintillion cloud computer. —Alex Wright 18 communications of th e ac m | n ov e m b e r 2 0 1 0 | vo l . 5 3 | n o. 1 1
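The “lie detection” comparison described in the main article, as an added example that is not code from the article or from IBM: it diffs an in-guest view against an introspection view for processes, kernel modules and sockets, and keeps only discrepancies that persist across samples. The `Snapshot` type, the function names and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

VIEWS = ("processes", "modules", "sockets")

@dataclass(frozen=True)
class Snapshot:
    """One view of a VM at one moment; each field is a set of names."""
    processes: frozenset
    modules: frozenset
    sockets: frozenset

def lie_tests(guest: Snapshot, outside: Snapshot) -> dict:
    """Per view, items introspection sees that the in-guest agent did not report."""
    return {v: getattr(outside, v) - getattr(guest, v) for v in VIEWS}

def persistent_lies(samples) -> dict:
    """Keep only items hidden in every (guest, outside) sample.

    The two views are never read at the same instant, so a process that
    starts between the reads shows up once as a false discrepancy.
    """
    hidden = None
    for guest, outside in samples:
        now = lie_tests(guest, outside)
        hidden = now if hidden is None else {v: hidden[v] & now[v] for v in VIEWS}
    return {v: sorted(s) for v, s in (hidden or {}).items() if s}

def demo() -> dict:
    # Constructed sample data, not taken from a real system.
    fs = frozenset
    guest = Snapshot(fs({"sshd", "nginx"}), fs({"ext4"}), fs({"tcp/22", "tcp/443"}))
    out1 = Snapshot(fs({"sshd", "nginx", "kworkerx", "backup.sh"}),
                    fs({"ext4", "hideproc"}), fs({"tcp/22", "tcp/443"}))
    out2 = Snapshot(fs({"sshd", "nginx", "kworkerx"}),
                    fs({"ext4", "hideproc"}), fs({"tcp/22", "tcp/443"}))
    return persistent_lies([(guest, out1), (guest, out2)])
```

An empty result means only that these particular tests found no discrepancy, which matches the point quoted in the article that no lie test can prove the absence of malware.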
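The index-and-token search flow described under “Difficulties With Encryption,” as an added example: a simplified keyword index built from HMAC, not the Kamara and Lauter construction and not code from the article. The key handling, function names, 16-byte file pointers and sample documents are assumptions constructed for illustration; encryption of the files themselves is left out.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def token(master_key: bytes, keyword: str) -> tuple:
    """Client: search token for one keyword = (index label, unmasking key)."""
    w = keyword.lower().encode()
    return prf(master_key, b"label|" + w), prf(master_key, b"mask|" + w)

def mask(mask_key: bytes, position: int, pointer: bytes) -> bytes:
    """XOR a file pointer (at most 32 bytes) with a per-position pad; self-inverse."""
    pad = prf(mask_key, position.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(pointer, pad))

def build_index(master_key: bytes, docs: dict) -> dict:
    """Client: docs maps file pointer -> plaintext; returns the index to upload."""
    postings = {}
    for pointer, text in docs.items():
        for word in set(text.lower().split()):
            postings.setdefault(word, []).append(pointer)
    index = {}
    for word, pointers in postings.items():
        label, mask_key = token(master_key, word)
        index[label] = [mask(mask_key, i, p) for i, p in enumerate(pointers)]
    return index

def server_search(index: dict, search_token: tuple) -> list:
    """Server: with a token, recover the pointers for that one keyword only."""
    label, mask_key = search_token
    return [mask(mask_key, i, c) for i, c in enumerate(index.get(label, []))]

def demo() -> tuple:
    # Constructed sample documents; pointers stand in for encrypted file names.
    key = secrets.token_bytes(32)
    docs = {b"file-0001-------": "quarterly payroll report",
            b"file-0002-------": "payroll export for audit",
            b"file-0003-------": "holiday party menu"}
    index = build_index(key, docs)
    hits = server_search(index, token(key, "payroll"))
    miss = server_search(index, token(key, "merger"))
    wrong_key = server_search(index, token(secrets.token_bytes(32), "payroll"))
    return sorted(hits), miss, wrong_key
```

In this sketch the server still learns how many entries each label has, which files a presented token matches, and when the same token is reused, so what a deployment reveals through query patterns needs its own review.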