All fine and dandy but why are cloud providers even allowing this low level access to customers?
Amazon blocks lab-only key-stealing neighbour attack
Amazon has patched a vulnerability that could have let users steal the RSA keys of other co-located customers. The complex attack - getting to CPU code cache isn't trivial - would, if successful, give an attacker a whole 2048-bit key used in other Elastic Compute Cloud instances. Worcester Polytechnic Institute researchers …
COMMENTS
Friday 2nd October 2015 06:27 GMT Anonymous Coward
EC2 is IaaS, so assembly language is an option, and with that little bit you can do side-channel attacks. The level of sophistication required has been increasing, but so long as you have shared anything, which is what makes Public Cloud much cheaper (scale), side channel attacks are a continuing possibility. Note that even shared power buses have sometimes proved adequate to attack cryptographic implementations. It's a cost of doing business and the reason you leave it up to engineers who really know this field to make the decisions. I'm only conversant on some of this 'cause I was doing the fixin'. I left it to the people that design this stuff to set out the procedures and validations.
[Any energy leakage, no matter how small, can compromise a cryptographic implementation.]
Friday 2nd October 2015 06:32 GMT Ken Moorhouse
Why?
The presence of the word cache suggests performance reasons.
Caching can be a menace in traditional computing, particularly database design where one session making a change to a database needs to make sure it is committed before another session relies upon it.
Similarly, with multiple access points in the cloud, my belief would be that caching wouldn't be feasible if you made a change to a cloud database accessed from, say, London and expected that change to be readable in New York. To me this is one of the problems with using the cloud for database work where transaction integrity is important. As I say, that is my belief: but please do correct me on this point if I am wrong.
Friday 2nd October 2015 07:09 GMT Mage
Co-location
Forget the word Cloud, even Co-location.
This is shared hosting. Real Co-location is your own physical server in a provider's data centre.
Any shared hosting, no matter what you are allowed to run (even if only PHP + SQL) has security risks compared with real co-location of your own server.