In Infrastructure as a Service (IaaS) cloud services such as Amazon’s EC2, the provider hosts virtual machines (VMs) on behalf of its customers, who can do arbitrary computations. In these systems, anyone with privileged access to the host can read or manipulate a customer’s data. Consequently, customers cannot protect their VMs on their own.
I read two papers on this topic over the last few days and I invite you to take a look at them. If you are short of time, at least try to read "Towards Trusted Cloud Computing". This paper gives a good overview of how cloud computing services "have no means of verifying the confidentiality and integrity of their data and computation". This paper helped me to understand some of the core security issues around cloud computing.
One of the references in this paper was to Terra - a trusted platform that enforces a closed-box execution environment. While Terra is an academic study, out of Stanford, it does lay the groundwork for a better architecture that could be used to secure and protect virtual machines. It's interesting follow-on reading if you're into a more academic discussion of the problem and their proposed solution. I love how they built "Trusted Quake" - yes, that Quake!
Ultimately, I don't know how many customers will or won't care about security to this level of depth. My suspicion is customers will try to cover their bases via legal agreements versus computational security as discussed in the two papers above. Either way, it is a good idea to get educated on these topics. Also, it is interesting to me that we still have a long way to go around trusted computing hardware (and software).