Computer scientists discover vulnerability in cloud server hardware used by AMD and Intel chips



Public cloud services employ special security technologies. Computer scientists at ETH Zurich have now discovered a gap in the latest security mechanisms used by AMD and Intel chips. This affects major cloud providers.

Over the past few years, hardware manufacturers have developed technologies that ought to make it possible for companies and governmental organizations to process sensitive data securely using shared cloud computing resources.

Known as confidential computing, this approach protects sensitive data while it is being processed by isolating it in an area that is impenetrable to other users and even to the cloud provider. But computer scientists at ETH Zurich have now proved that it is possible for hackers to gain access to these systems and to the data stored in them.

Eavesdrop-proof smartphone project helps find the gaps

Shinde's team uncovered the security gaps while examining the confidential computing technologies used in AMD and Intel processors. The researchers wanted to gain an in-depth understanding of how these processors function because they are working on an eavesdrop-proof smartphone based on confidential computing.

Instability factor number one: Hypervisors
In the public cloud, applications are isolated using a TEE, specifically from what's known as a hypervisor. Cloud providers use hypervisor software to manage resources ranging from hardware components to their customers' virtual servers. Hypervisors are an important part of cloud services because they create the required flexibility, efficiency and security.
Fully isolating the hypervisor is impossible

There are, however, fundamental limitations as to how well a user system can be isolated and protected from the hypervisor. After all, some communication must take place between the two, and as an administrative tool, the hypervisor still has to be able to perform its core tasks. These include allocating cloud resources and managing the virtual server running the secured system in the cloud.

One of the remaining interfaces between the hypervisor and the TEE concerns the management of interrupts. The ETH team launched what are known as Ahoi attacks to exploit the hypervisor as a means of sending coordinated interrupts to the secured system at any time.






Interrupt heckles knock security off its game
By sending coordinated interrupt heckles, the ETH scientists managed to confuse a TEE-secured system so effectively that they were able to gain root access—in other words, take full control. "Most affected by this problem was AMD's confidential computing, which proved vulnerable to attack from several different interrupts. In the case of Intel, only one interrupt door had been left open," Shinde says in summarizing the results of her "Heckler attack."

Byproduct on the path to user control of phones
As important as it is to find gaps in the security for sensitive data stored in the public cloud, for Shinde and her research group this was merely a byproduct on the path to ensuring that users of iPhones and Android smartphones retain full control over their data and applications.




#CloudServer
#ServerHardware
#CloudComputing
#DataCenter
#InfrastructureAsAService
#Virtualization
#CloudStorage
#HardwareInfrastructure
#ServerTechnology
#CloudSolutions
#DataCenterHardware
#CloudInfrastructure
#ServerRacks
#NetworkingHardware
#CloudSecurity

Comments

Post a Comment

Popular posts from this blog

Cancer treatment : Vitamin D diet holds key? Here's what latest research reveals

Image
Vitamin D could be the next surprise and effective weapon against cancer, according to a study by scientists in the health sector, says a Fox News report. According to the study, a study on mice which included feeding them vitamin D rich diet could help increase immunity against cancer symptoms. Vitamin D changes the gut microbiome in order enhance effective cancer immunity and increases levels of the bacterium Bacteroides fragilis that depicts an improvement in cancer immune response. Vitamin D-based research can yield some effective results Although cancer is a complex disease with different kinds of evasion, Vitamin D can help in improving the immune system and help in destroying cancer cells. Moreover, some more research on this may help in developing some effective and targeted treatment using this new findings at hand. Vitamin D rich diet not only helps in cancer immunity, but is also good for overall health, finds study The study of mice that received vitamin D showed improved r
Read more

Cybersecurity Stocks To Watch Amid Shift To AI, Cloud

Image
You may think the time is right to move into cybersecurity stocks amid high profile hacking incidents. Also, buzz surrounding artificial intelligence is driving investor interest in cybersecurity stocks. And, federal government spending on cybersecurity should provide a boost in 2024, analysts say. As of June 7, the Computer Software-Security group ranked No. 99 out of 197 industry groups that IBD tracks. Cybersecurity stocks turned in mixed results for March/April quarters.Meanwhile, shares in CrowdStrike (CRWD) have advanced 36% this year. First quarter earnings for CrowdStrike stock topped expectations. Some Wall Street analysts tout cybersecurity stocks with cloud-based platforms, such as CrowdStrike, as the most likely market share gainers. Many companies aim to consolidate purchasing by buying from fewer security vendors, analysts say.Further, cybersecurity firms with the highest Composite Ratings include CrowdStrike stock, Palo Alto Networks (PANW) and CyberArk (CYBR).
Read more

ChatGPT: the latest news and updates on the AI chatbot that changed everything

Image
In the ever-evolving landscape of artificial intelligence, ChatGPT stands out as a groundbreaking development that has captured global attention. From its impressive capabilities and recent advancements to the heated debates surrounding its ethical implications, ChatGPT continues to make headlines. Whether you’re a tech enthusiast or just curious about the future of AI, dive into this comprehensive guide to uncover everything you need to know about this revolutionary AI tool. What is ChatGPT? ChatGPT is a natural language AI chatbot. At its most basic level, that means you can ask it a question and it will generate an answer. As opposed to a simple voice assistant like Siri or Google Assistant, ChatGPT is built on what is called an LLM (Large Language Model). These neural networks are trained on huge quantities of information from the internet for deep learning — meaning they generate altogether new responses, rather than just regurgitating specific canned responses. They’re not built
Read more