IBM and NC State Develop Cloud Security Layer
As passionate we are about cloud computing and its opportunities for the future, security remains a primary concern when pooled computing resources can expose potentially thousands of cloud users in a single attack.
Researchers at North Carolina State University and IBM said they may have found a way to effectively protect certain information in cloud and services environments. A new technique called Strongly Isolated Computing Environment” (SICE) aims to isolate sensitive information and workload from the rest of the functions performed by a hypervisor, which serves as gateway to a virtual, cross-platform workspace shared by users in a cloud system.
Peng Ning, a professor of computer science at NC State and co-author of a paper describing the research, explained that the basic idea of the approach is to reduce the "surface" for a potential attack. The foundation of SICE Trusted Computing Base (TCB), which has just about 300 lines of code. In the case of an attack, only those 300 lines have to be protected.
"Previous techniques have exposed thousands of lines of code to potential attacks," Ning said. "We have a smaller attack surface to protect.”
SICE can be configured to allocate specific CPU cores to the sensitive workload. During tests, SICE consumed about 3 percent of the entire system performance, according to Ning. “That is a fairly modest price to pay for the enhanced security,” he noted. “However, more research is needed to further speed up the workloads that require interactions with the network.”
The research paper detailing SICE will be presented at the 18th ACM Conference on Computer and Communications Security, which will be held from October 17 to 21 in Chicago.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
-
Wow, some more feel-good fluff to bolster public opinion of "teh cloud".Reply
How on earth is this different than what they were already doing? How on earth is this different from 10,000+ other methods of isolating cloud VMs from each other? This is more frivolous than an iPad patent.
In fact, most people's first foray into Virtualization involves them asking the question "how the f*** do I make the VMs talk to each other"? By default, they're completely isolated unless you configure the hypervisor and the VMs to talk to each other, and if that's not the case, you should file a code red bug report immediately so that your hypervisor's developers can cancel their weekend plans to fix it.
-
larkforsure Complaint with Human Rights Violations by IBM China on CentennialReply
How Much IBM Can Get Away with is the Responsibility of the Media
http://wp.me/p1hDC3-aL
Tragedy of Labor Rights Repression in IBM China
http://wp.me/p1hDC3-92
Scandal stricken IBM detained mother of ex-employee on the day of centennial
http://wp.me/p1hDC3-8I
-
shin0bi272 my company is bidding for a job with NC state currently and I can tell you that they are using an old system for records management that essentially no longer exists. The company was bought out 3 or 4 times and the current company is discontinuing support for it. OUR company has to be able to communicate with it though... of course. Our system can export images or data bases or to several other types of records management software ... just not this one. That's how old it is. So I really dont think NC State should be looked as as some brilliant tech savvy college.Reply -
amk-aka-Phantom "Experts": blah blah blah cloud blah blah cloudReply
Consumers: "Huh, we've heard about this 'cloud' so many times recently, it has to be something useful."
Power users who know where this 'cloud' will make everyone end up: *facepalm*