Security is a key element of cloud computing: in a survey conducted by Forrester Research on cloud computing adoption, 30% of respondents named it as a concern. Data privacy issues, to which security is also directly related, were cited by 25%, and threats to infrastructure integrity can expose users' data and the availability of the whole environment. Security is not optional in a cloud environment; it is a requirement. Without it, users will not have confidence in the cloud and, like any other institution, it will fail.
Security strategies should be applied in depth, from bottom to top, and during the design process, not as something that you add at the end. They inherit most of the old-school techniques, such as SDLC for application development, authentication/authorization protocols and the safeguarding of credentials, plus new and revised measures focused on the nature of cloud architecture.
New attack vectors against virtualized environments are emerging, such as:
- Hyperjacking: the term describes hijacking the hypervisor stack, and involves installing a rogue hypervisor that can take complete control of a server. Regular security measures are ineffective because the OS will not even be aware that the machine has been compromised. This kind of attack is still in its infancy, but proofs of concept such as Blue Pill and SubVirt demonstrate its stealth potential and the damage it can do. A countermeasure against this kind of attack is the adoption of Trusted Compute Pools;
- VM Jumping/Guest Hopping: this attack leverages vulnerabilities in the hypervisor that allow malware to defeat VM protections and gain access to lower levels (i.e. the host). The driver for these attacks is that a hypervisor has to provide at least the "illusion" of a "ring 0" for a guest operating system to run in. The countermeasure against this kind of attack is twofold:
  - Harden the VMs, keeping OS and application patches up to date so that malware cannot exploit known vulnerabilities that have not been patched;
  - Segmentation can also be a strategy to reduce the damage from a zero-day attack, where malware exploits unknown vulnerabilities or those for which no patch is available. Placing applications with like security postures together, isolated from applications and systems secured at a higher or lower level, can limit the damage and can be accomplished with Trusted Compute Pools;
- VM and Networking: live migration of a VM copies its memory area from one host to another in order to allow transparent movement between hosts with minimum interruption. The protocols used by most solutions available on the market are not authenticated and are susceptible to MITM attacks, giving full access to OS/kernel memory and application state.
You can read more on cloud computing and virtualization vulnerabilities in many papers on the web. The countermeasure against this attack can be mutual authentication provided by Trusted Compute Pools, encryption, or isolation of the traffic in a secure network that is separated physically or virtually.
This is not intended to be a full list. In a multi-tenant environment, updating and patching the full stack are subjects that should also be considered in design and in day-to-day operations.
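The segmentation and trusted-pool countermeasures above can be expressed as a placement policy. This is an added sketch, not code from the original page or from any product: a VM may only be placed on, or live-migrated to, a host whose reported launch measurement matches a known-good value and which runs no workloads of a different security posture. The class, function, host names and measurement values are hypothetical, and the sketch assumes an attestation step has already supplied each host's measurement.

```python
import hmac
from dataclasses import dataclass, field

# Constructed known-good launch measurements per hypervisor build (placeholders).
KNOWN_GOOD = {"build-A": "aa11", "build-B": "bb22"}

@dataclass
class Host:
    name: str
    build: str
    measurement: str                             # value the host reports at attestation
    postures: set = field(default_factory=set)   # posture labels of VMs already on it

def is_trusted(host):
    """Trusted only if the reported measurement matches the known-good value."""
    expected = KNOWN_GOOD.get(host.build)
    return expected is not None and hmac.compare_digest(host.measurement, expected)

def eligible_hosts(hosts, vm_posture):
    """Names of hosts a VM may be placed on or live-migrated to."""
    names = []
    for h in hosts:
        if not is_trusted(h):
            continue      # unknown or modified hypervisor: outside the pool
        if h.postures and h.postures != {vm_posture}:
            continue      # segmentation: never mix security postures
        names.append(h.name)
    return names

def place(hosts, vm_posture):
    """Pick a host, preferring one that already runs this posture, and record it."""
    by_name = {h.name: h for h in hosts}
    names = eligible_hosts(hosts, vm_posture)
    if not names:
        raise RuntimeError("no trusted host available for posture " + vm_posture)
    chosen = next((n for n in names if by_name[n].postures), names[0])
    by_name[chosen].postures.add(vm_posture)
    return chosen

def sample_hosts():
    """Constructed inventory: h2 reports a measurement that does not match its build."""
    return [
        Host("h1", "build-A", "aa11", {"pci"}),
        Host("h2", "build-A", "ffff"),
        Host("h3", "build-B", "bb22", {"public-web"}),
        Host("h4", "build-B", "bb22"),
    ]

if __name__ == "__main__":
    hosts = sample_hosts()
    print(eligible_hosts(hosts, "pci"), place(hosts, "internal"))
```

Applying the same check to the destination of a live migration keeps a VM from being moved onto a host that has fallen out of the pool.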