Cloud research isolates sensitive information
Researchers claim their new isolation technique is major cloud infosec breakthrough.
Researchers from North Carolina State University and IBM are claiming a major breakthrough in the way cloud computing architectures protect sensitive information.
They have developed a new, experimental technique to isolate sensitive information and workloads from the rest of the functions performed by a hypervisor without, they claim, significantly affecting the system's overall performance.
The new technique, called "Strongly Isolated Computing Environment" (SICE), introduces a separate layer of security protection at the software framework level. It is designed to tackle longstanding concerns that attackers could exploit hypervisor vulnerabilities to steal or corrupt confidential data in a cloud.
Dr. Peng Ning, a professor of computer science at North Carolina State and co-author of a paper describing the research, said the SICE technique significantly reduces the "surface" that can be attacked by malicious software.
"... Our approach relies on a software foundation called the Trusted Computing Base, or TCB, that has approximately 300 lines of code, meaning that only these 300 lines of code need to be trusted in order to ensure the isolation offered by our approach," he said.
"Previous techniques have exposed thousands of lines of code to potential attacks. We have a smaller attack surface to protect."
The technique is also designed to let programmers dedicate specific cores on commodity multi-core processors to the sensitive workload. By confining the sensitive workload to one or a few cores with strong isolation, and allowing other functions to operate separately, researchers said SICE provides both high assurance for the sensitive workload and efficient resource sharing in a cloud.
In testing, the researchers reported that the SICE framework imposed a performance overhead of approximately three per cent on the multi-core system for workloads that do not require direct network access.
"That is a fairly modest price to pay for the enhanced security," Ning said. However, he added that more research was needed to further speed up the workloads that require interactions with the network.
A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.
Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.