Implications for Data Breaches


Data Breaches

The data breach threat not only affects the three service models and scores high on the security risk matrix of perceived risk versus actual risk; it also moved from position 5 in 2010 to position 1 in 2013 [1]. According to the Top Threats Working Group's “The Notorious Nine: Cloud Computing Top Threats in 2013”, it is every CIO’s worst nightmare that the organization’s sensitive internal data falls into the hands of its competitors.

Cloud computing introduces significant new avenues of attack. In November 2012, researchers from the University of North Carolina, the University of Wisconsin and RSA Corporation released a paper describing how a virtual machine could use side channel timing information to extract private cryptographic keys being used in other virtual machines on the same physical server [2]. However, according to CSA [1], in many cases an attacker wouldn’t even need to go to such lengths. If a multitenant cloud service database is not properly designed, a flaw in one client’s application could allow an attacker access not only to that client’s data, but to every other client’s data as well.
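
The multitenant design flaw described above, as an added example that is not from the essay or the CSA report: a shared table whose isolation depends on each handler remembering a tenant filter, beside a data-access layer that binds the tenant once. The table layout, the tenant names and the `TenantStore` class are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory shared table holding rows for two constructed tenants."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, "
               "tenant_id TEXT NOT NULL, body TEXT NOT NULL)")
    db.executemany(
        "INSERT INTO records (id, tenant_id, body) VALUES (?, ?, ?)",
        [(1, "acme", "acme payroll"), (2, "acme", "acme contracts"),
         (3, "globex", "globex merger plan")],  # constructed sample data
    )
    return db

def get_record_weak(db, record_id):
    """Weak design: isolation depends on every caller adding a tenant filter.
    This handler omits it, so any valid id returns any tenant's row."""
    row = db.execute("SELECT body FROM records WHERE id = ?", (record_id,)).fetchone()
    return row[0] if row else None

class TenantStore:
    """Hardened design (hypothetical class): the tenant is bound once from the
    authenticated session and every statement carries the tenant predicate."""

    def __init__(self, db, tenant_id):
        if not tenant_id:
            raise ValueError("tenant_id is required")
        self._db = db
        self._tenant = tenant_id

    def get(self, record_id):
        row = self._db.execute(
            "SELECT body FROM records WHERE id = ? AND tenant_id = ?",
            (record_id, self._tenant),
        ).fetchone()
        return row[0] if row else None

    def list_ids(self):
        rows = self._db.execute(
            "SELECT id FROM records WHERE tenant_id = ? ORDER BY id", (self._tenant,)
        )
        return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    print("weak, acme session asks for id 3:", get_record_weak(db, 3))
    acme = TenantStore(db, "acme")
    print("scoped, acme session asks for id 3:", acme.get(3))
    print("scoped, acme ids:", acme.list_ids())
```

Handlers that only ever receive a `TenantStore` cannot issue an unscoped query, so a single forgotten filter in one client's application no longer exposes every other tenant's rows.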

The study [1] shows that data breaches have some implications. While data loss and data leakage are both serious threats to cloud computing, the measures to mitigate one of these threats can trigger the other. Encrypting the data may reduce the impact of a data breach, but losing the encryption key means losing the data as well. Likewise, keeping offline backups of the data to reduce the impact of a catastrophic data loss increases the exposure to data breaches.

A. Side channel attack:

Any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or ...


... VCPU only when the latter has been running for a certain amount of time.

References:

[1]. Cloud Security Alliance, The Notorious Nine: Cloud Computing Top Threats in 2013, [online]. Available: https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf

[2]. Zhang, Y., Juels, A., Reiter, M. K., & Ristenpart, T. (2012, October). Cross-VM side channels and their use to extract private keys. In Proceedings of the 2012 ACM conference on Computer and communications security (pp. 305-316). ACM.

[3]. Kocher, P., Jaffe, J., & Jun, B. (1999, January). Differential power analysis. In Advances in Cryptology—CRYPTO’99 (pp. 388-397). Springer Berlin Heidelberg.

[4]. Xen 4.2: New scheduler parameters http://blog.xen.org/index.php/2012/04/10/xen-4-2-new-scheduler-parameters-2/
