IBM and NC State Develop Cloud Security Layer

News
By Wolfgang Gruener
published

As passionate we are about cloud computing and its opportunities for the future, security remains a primary concern when pooled computing resources can expose potentially thousands of cloud users in a single attack.

Researchers at North Carolina State University and IBM said they may have found a way to effectively protect certain information in cloud and services environments. A new technique called Strongly Isolated Computing Environment” (SICE) aims to isolate sensitive information and workload from the rest of the functions performed by a hypervisor, which serves as gateway to a virtual, cross-platform workspace shared by users in a cloud system.

Peng Ning, a professor of computer science at NC State and co-author of a paper describing the research, explained that the basic idea of the approach is to reduce the "surface" for a potential attack. The foundation of SICE Trusted Computing Base (TCB), which has just about 300 lines of code. In the case of an attack, only those 300 lines have to be protected.

"Previous techniques have exposed thousands of lines of code to potential attacks," Ning said. "We have a smaller attack surface to protect.”

SICE can be configured to allocate specific CPU cores to the sensitive workload. During tests, SICE consumed about 3 percent of the entire system performance, according to Ning. “That is a fairly modest price to pay for the enhanced security,” he noted. “However, more research is needed to further speed up the workloads that require interactions with the network.”

The research paper detailing SICE will be presented at the 18th ACM Conference on Computer and Communications Security, which will be held from October 17 to 21 in Chicago.

Wolfgang Gruener
4 Comments Comment from the forums
  • Wow, some more feel-good fluff to bolster public opinion of "teh cloud".

    How on earth is this different than what they were already doing? How on earth is this different from 10,000+ other methods of isolating cloud VMs from each other? This is more frivolous than an iPad patent.

    In fact, most people's first foray into Virtualization involves them asking the question "how the f*** do I make the VMs talk to each other"? By default, they're completely isolated unless you configure the hypervisor and the VMs to talk to each other, and if that's not the case, you should file a code red bug report immediately so that your hypervisor's developers can cancel their weekend plans to fix it.
    Reply
  • larkforsure
    Complaint with Human Rights Violations by IBM China on Centennial

    How Much IBM Can Get Away with is the Responsibility of the Media
    http://wp.me/p1hDC3-aL

    Tragedy of Labor Rights Repression in IBM China
    http://wp.me/p1hDC3-92

    Scandal stricken IBM detained mother of ex-employee on the day of centennial
    http://wp.me/p1hDC3-8I
    Reply
  • shin0bi272
    my company is bidding for a job with NC state currently and I can tell you that they are using an old system for records management that essentially no longer exists. The company was bought out 3 or 4 times and the current company is discontinuing support for it. OUR company has to be able to communicate with it though... of course. Our system can export images or data bases or to several other types of records management software ... just not this one. That's how old it is. So I really dont think NC State should be looked as as some brilliant tech savvy college.
    Reply
  • amk-aka-Phantom
    "Experts": blah blah blah cloud blah blah cloud

    Consumers: "Huh, we've heard about this 'cloud' so many times recently, it has to be something useful."

    Power users who know where this 'cloud' will make everyone end up: *facepalm*
    Reply