Data security is far from being a new concern — every system has its Achilles’ heel and predators who would use information gained by finding that heel for their own nefarious purposes. As in any struggle to secure the interests of decent folks against the scruple-free jerks who try to exploit them, the criminals seem to always be just a step or two ahead of the good guys. And while traditional networks have been enough of a struggle to keep safe, the increasing prevalence of cloud computing presents new challenges for security experts to tackle.
In a cloud computing system, the data storage and processing power of multiple computers are pooled for the use of multiple users. The virtual workspace that keeps these different computers isolated from one another is governed by programs called hypervisors, and critics of cloud computing point out that vulnerabilities in a hypervisor could be exploited to gain access to — or corrupt — sensitive data from other users in the cloud.
A team of researchers from North Carolina State University and IBM refuses to be deterred and has decided to approach this unique security problem from a new angle. By using existing firmware and hardware, the team is able to instill what it calls a Strongly Isolated Computing Environment (SICE) into a cloud computing system to further isolate its data outside of a hypervisor. The hypervisor is then able to focus on its other tasks, while even hackers who succeed in breaching its defenses will come away with nothing.
Says North Carolina State University professor of computer science and research team leader Dr. Peng Ning: “We have significantly reduced the ‘surface’ that can be attacked by malicious software. For example, our approach relies on a software foundation called the Trusted Computing Base, or TCB, that has approximately 300 lines of code, meaning that only these 300 lines of code need to be trusted in order to ensure the isolation offered by our approach. Previous techniques have exposed thousands of lines of code to potential attacks. We have a smaller attack surface to protect.”
The team’s findings are detailed in a paper, SICE: A Hardware-Level Strongly Isolated Computing Environment for x86 Multi-core Platforms, to be presented at the 18th ACM Conference on Computer and Communications Security, Oct. 17-21 in Chicago, Illinois.