New technology intended to improve the security of cloud computing may still be vulnerable to attacks, according to a new study co-authored by a University of Central Florida researcher.

Some of the vulnerabilities were detailed in a research presentation at the USENIX Security Symposium on Aug. 15, in Santa Clara, California.

The study examined processor manufacturer AMD’s Secure Encrypted Virtualization technology, a new advancement that aims to provide privacy of computation and data in public clouds without requiring users to trust cloud service providers and their software, enabling confidential cloud computing.

“The goal is to essentially say, ‘Hey you don’t have to trust the cloud computing companies, you can just trust the processor,’” said Yan Solihin, a professor in UCF’s Department of Computer Science who co-authored the study. “That’s the promise. What we show in the paper is it’s not easy to get to that promise.”

The lead author of the research paper was Mengyuan Li, a doctoral student in The Ohio State University’s Department of Computer Science and Engineering. Co-authors also included Zhiqiang Lin and Yinqian Zhang, associate professors in the university’s Department of Computer Science and Engineering.

The team worked together to discover the vulnerability and demonstrate the proof-of-concept attacks successfully in a lab setting.

“My student, Mengyuan, put quite a lot of effort in this work,” Zhang said.

Other computer processor companies, such as Intel, also offer similar environments that are walled off from the cloud computing service. AMD’s processor is unique, however, because it encrypts the entire memory, unlike other processors, where only portions of the memory are encrypted at a time.

This is an added security feature, but it also means that the processor is reliant on input and output messages with the cloud computer software, rather than dedicating a portion of encrypted memory for that. It’s in these incoming and outgoing communications that the vulnerabilities lie, the researchers said.

Other researchers have reported memory-integrity problems in the processor in the past, but this study was the first to report the vulnerabilities in the input and output operations, along with other resulting problems.

Despite evolving research to improve the security of cloud computing, using those services can be economically beneficial for users and businesses and may even be more secure for businesses that do not have the resources to hire information technology specialists to manage and safeguard their systems, Solihin said.

“There are risks with putting your information in the cloud, but there are benefits as well,” Solihin said. “You have to consider that. There are a lot of efforts to make your data secure.”

The technology from AMD analyzed in the research is still new and not widely deployed, Zhang said. The results of the research have also been relayed to AMD to help them implement fixes in future versions of their processor.

“I think we are still in the process for this technology to become mature,” Zhang said. “The purpose of this study is to inform the vendors to build trusted execution environments to support this secure cloud operation you at least have to consider these types of attacks.”

Jason Thomas, head of product security at AMD, said this type of research is part of the computing ecosystem that helps improve products.

“At AMD we are committed to developing technology with high security standards and collaborating with the entire computing ecosystem to help ensure the safety of user information,” Thomas said.

“AMD SEV is a differentiated technology designed to provide advanced protection of memory from inadvertent vulnerabilities in a typical multi-tenant operating environment,” he said. “With the recent introduction of our 2nd Gen EPYC server processors, more virtual machines than ever before can leverage SEV technology, in combination with solutions designed to guard against malicious attack vectors, as a foundational tool in their overall virtualization security suite.”

Solihin is the director of UCF’s Cybersecurity and Privacy Cluster, and the Charles Millican chair of computer science at UCF. He joined UCF in 2018.

The research was supported by National Science Foundation grants, research gifts from Intel and DFINITY, and funding from UCF.