
Security of cloud computing

Wednesday, November 18, 2009

There is little doubt that cloud computing is the next frontier. Unfortunately, as with the Far West, cloud computing will in its early days be a territory where security may be weak (a euphemism :) ).

Already, a lot of effort is being put into analyzing the threats and finding solutions. In this vein, there is an interesting approach proposed by Thomas RISTENPART, Eran TROMER, Hovav SHACHAM and Stefan SAVAGE in their paper “Hey, You, Get off of My Cloud”. They discovered that the same server may run virtual machines (VMs) for different customers. The goal of their attack was to plant a malicious VM on the same server as the target. Then, by measuring several parameters such as cache usage or estimated traffic rates, they should be able to infer some information. In other words, a side-channel attack.

Obviously, the most questionable point is the first one. It rests on two assumptions:

  • Being able to co-reside on a server with the target. A complete section (number 7) proposes different strategies to succeed on Amazon’s EC2.
  • Being able to implement a malicious VM, for instance through an existing vulnerability. This one seems even more questionable.

I am not sure that the disclosed attack is more than a nice theoretical exercise. Nevertheless, it has the merit of raising many interesting questions. I’m sure that side-channel attacks on cloud computing will become a very thrilling domain of exploration.

The paper was presented at CCS’09. Thomson was a sponsor of one of the hosted workshops (ACM DRM Workshop 09).

Book: The Big Switch

Sunday, April 20, 2008

Nicholas CARR was the author of Does IT Matter? In that first book, he questioned the future role of IT and forecast the end of IT. In this new book, he continues his prediction with the advent of cloud computing.

He forecasts that computing power will become a utility, like the power supply. He draws a parallel with the transition to electric power. Big companies such as Amazon (Elastic Compute Cloud, EC2) or Google are offering grid computers to external companies. The interesting part of the book is the analysis of the impact this will have in conjunction with the advent of Web 2.0. It has already allowed small companies to succeed without having a huge IT infrastructure.

The book also highlights the current trends of Web 2.0. Chapter 7, From the Many to the Few, is extremely interesting. It describes how companies such as YouTube or PlentyOfFish are using, for almost nothing, mobs of willing “content creators”. Chapter 8, The Great Unbundling, is about the transformation of content consumption. He predicts that the future of the Internet will not be as bright as expected.
“But it's clear that two of the hopes most dear to the Internet optimists-that the Web will create a more bountiful culture and that it will promote greater harmony and understanding-should be treated with skepticism. Cultural impoverishment and social fragmentation seem equally likely outcomes.”(extract)

The security threats highlighted in the book are the typical malware and privacy issues.

A book to read because it sheds a provocative light on the future of the Internet.