Hacking EC2
Filed in archive The Cloud by Scott Wilson on September 15, 2009
Amazon has been making efforts of late to improve the appearance of security in its Amazon Web Services (AWS) cloud computing offerings to attract enterprise customers, notably by introducing "Virtual Private Clouds" (VPC) and multi-factor authentication for users of its EC2 computing service. As I noted when the VPC was announced, however, the real security concern with cloud computing lies not in the strength of the controls on legitimate methods of accessing the resources, but in the potential for backdoors that comes with running your processes on the same physical hardware as other users' processes. I posited in that post that perhaps Amazon had further assurances to offer against that scenario which it may only offer to interested enterprise customers, and that none of the rest of us might ever have much idea what the company was doing to prevent such side-channel attacks.

It turns out that someone else has been looking into the problem, though: a joint effort between researchers at the University of California - San Diego and the Massachusetts Institute of Technology has demonstrated the practicality of selectively positioning an attacking EC2 instance on the same physical hardware as a target instance, and has shown a number of potentially effective attacks from that position. At least one of these attacks has the potential to compromise certain types of encryption and expose supposedly secure channels... including the sort most popularly used today to secure banking and e-commerce websites, AES. The existence of such an exploit could pose a significant roadblock to some of the heaviest potential users of cloud services (and the researchers take pains to point out that while their research was confined to Amazon's EC2, similar attacks could likely be mounted against many or most cloud service platforms).

There are some bright spots. For one, no actual exploits were discovered, and the avenues along which the paper suggests they may be found are unlikely or inapplicable to the environment... "cross-VM keystroke monitoring" may be a problem for corporate server farms but isn't much of a factor in most applications for which cloud services are likely to be used. The attack patterns described should also be reasonably easy for cloud purveyors to identify and obstruct, although subtler variations no doubt exist.

Beyond the already quite interesting description of security vulnerabilities in the system, the researchers also provide a fascinating glimpse of the technical underpinnings of EC2 that have thus far been hidden from the general public (including, perhaps, most EC2 users themselves). While a technical appreciation of the service architecture is beyond the scope of this post, I highly recommend reading the paper itself if you are interested in such things.

The most important thing about this paper, though, is that it reveals some of the basic underpinnings of the shared-resource utility computing model which must be explored in this manner to ensure that it can be made secure and robust. It's not really news that there are weak points in the system; there are weak points in every system, particularly newly introduced ones. The real news is that Amazon and other purveyors have been less than forthcoming about these weak points, counting on security through obscurity to serve as their defense. As most CIOs realize, this is not a viable long-term strategy, and it could explain the relatively slow adoption rate among enterprise customers. Amazon, and others, are shooting themselves in the foot by avoiding exposure and discussion of these very real concerns about their systems, and are delaying the rate at which defenses might be erected and adoption increased for these powerful and efficient tools.
