Researchers Show How to Steal Secrets from the Cloud

Grazed from MIT Technology Review. Author: Tom Simonite.

Cloud computing teaches people not to worry about physical equipment for hosting data and running software. But a study by researchers at computer security company RSA suggests that this could be a costly mistake.

The researchers have shown it is possible for software hosted by a cloud-computing provider to steal secrets from software hosted on the same cloud. In their experiment, they ran malicious software on hardware designed to mimic the equipment used by cloud companies such as Amazon. They were able to steal an encryption key used to secure e-mails from the software belonging to another user…

The attack demonstrated is so complex that it is unlikely to be a danger to customers of any cloud platform today, but the experiment answers a longstanding question about whether such attacks are even possible. The proof suggests that some very valuable data should not be entrusted to the cloud at all, says Ari Juels, chief scientist at RSA and director of the company’s research labs. “The basic lesson is that if you’ve got a highly sensitive workload, you shouldn’t run it alongside some unknown and potentially untrustworthy neighbor,” says Juels…

Read more from the source @ http://www.technologyreview.com/news/506976/researchers-show-how-to-steal-secrets-from-the-cloud/