Royal Holloway 2012: Risks of multi-tenancy cloud computing

Feature

Royal Holloway 2012: Risks of multi-tenancy cloud computing

Royal Holloway University of LondonInfrastructure as a Service (IaaS) cloud environments use multi-tenancy to take advantage of virtualisation technologies that increase resource utilisation, load balancing, scalability and reliability. This approach allows cloud service providers to maximise use of their infrastructure by multiplexing their physical machines with virtualisation and then assigning the virtual machines (VMs) to different clients when required.

But there is also a downside. With multi-tenancy cloud computing, traditional network security controls become almost useless in protecting one set of users from another. This means an attacker could rent one of these VMs and instantly be shoulder-to-shoulder with several potential targets.

For his MSc thesis at Royal Holloway University of London, Jacobo Ros, under the supervision of lecturer Chez Ciechanowicz, explored the ways in which an attacker might locate a target VM in the cloud, and create a neighbouring VM from which to launch an attack from behind the network firewall.

In an article published on SearchSecurity.co.UK, Ros details the steps an attacker could take to narrow down the search for a target system, and then install a malicious VM on the same hardware as the target. He also proposes some simple steps that cloud service providers could take to prevent this scenario from happening.

Read the article

Download the article by Jacobo on multi-tenancy cloud computing (.pdf).

Read the full thesis (.pdf).

This is essential reading for any company moving to the cloud. It not only explains some of the potential information security dangers, but will also help IT teams ask the right questions about the security offered by prospective cloud service providers.

This feature is one of six SearchSecurity.co.uk is publishing this year in collaboration with RHUL.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in June 2012

 

COMMENTS powered by Disqus  //  Commenting policy