Researchers claim cloud security breakthrough

By Stewart Mitchell

Posted on 6 Oct 2011 at 09:33

Researchers at North Carolina State University claim to have invented a technique for more securely storing and processing information in the cloud.

Cloud computing is a burgeoning sector, but according to the researchers, potential weaknesses in the hypervisor software that creates virtual machines could make sensitive data visible to others using the same cloud.

The scientists have developed a software-driven framework that exploits hardware and firmware tools to better isolate different functions running on cloud servers, separating workflows as soon as they arrive for processing.

The technique works like a hotel receptionist, farming guest data into its own private areas on arrival.

“A long-standing concern in cloud computing is that attackers could take advantage of vulnerabilities in a hypervisor to steal or corrupt confidential data from other users in the cloud,” the researchers said, adding that their approach isolated sensitive information and workload from the rest of the functions performed by a hypervisor.

The technique, dubbed “Strongly Isolated Computing Environment” (SICE), uses a different layer of protection that the researchers claim has minimal impact on performance, and it uses stripped-down code to make it simpler to secure.

“We have significantly reduced the ‘surface’ that can be attacked by malicious software,” said Peng Ning, a professor of computer science at NC State.

“For example, our approach relies on a software foundation called the Trusted Computing Base, or TCB, that has approximately 300 lines of code, meaning that only these 300 lines of code need to be trusted in order to ensure the isolation offered by our approach. Previous techniques have exposed thousands of lines of code to potential attacks. We have a smaller attack surface to protect.”

The technique confines the sensitive workload to one or a few cores with strong isolation, while allowing other functions to operate separately on other cores.

PCPro-Computing in the Real World Printed from www.pcpro.co.uk
