A research team at North Carolina State University has developed a prototype system to increase data security in cloud-based systems while avoiding significant performance issues.
The researchers will present a paper on the technique, titled "SICE: A Hardware-Level Strongly Isolated Computing Environment for x86 Multi-core Platforms," at the ACM Conference on Computer and Communications Security, which runs October 17-21.
A major concern in cloud computing security is vulnerabilities in hypervisors, which allow separate virtual workspaces to operate independently while all drawing on the same cloud server network.
"We have significantly reduced the 'surface' that can be attacked by malicious software," said NC State professor Dr. Peng Ning.
The new methodology developed by the NC State team, called "Strongly Isolated Computing Environment" (SICE), enables sensitive information to be isolated from other functions of the hypervisor, thus reducing the likelihood that exploitation of hypervisor vulnerabilities will result in sensitive data loss or corruption.
"For example, our approach relies on a software foundation called the Trusted Computing Base, or TCB, that has approximately 300 lines of code, meaning that only these 300 lines of code need to be trusted in order to ensure the isolation offered by our approach. Previous techniques have exposed thousands of lines of code to potential attacks. We have a smaller attack surface to protect," Ning said.
SICE also allows sensitive information to be isolated in designated processor cores, separate from other functions, further protecting sensitive data while allowing for more optimal processor functionality.
Currently, the SICE method consumes about 3% of a system's processing capacity, and the researchers are looking to improve performance further.
"That is a fairly modest price to pay for the enhanced security. However, more research is needed to further speed up the workloads that require interactions with the network," Ning explained.
The research was funded in part by IBM, the National Science Foundation, and the U.S. Army Research Office.