TechWeekEurope published some interesting research in their “‘Dirty Disk’ Vulnerability Threatens The Cloud” post several weeks ago and I’ve been brewing on it since. The problem harks back to the original “delete” function present in most OSs: instead of really deleting a file, the OS simply removes the pointer to where the file was stored on disk. Context Information Security’s research demonstrates that the same thing can happen in the cloud, except that the now un-referenced data finds its way into part of a newly created VM. Short of an outright VM escape, this issue might just be the next worst problem in terms of data leakage.
As mentioned in the article, the solution is pretty simple … just zero out the storage a VM occupied once it is deleted. Most major cloud providers (e.g., Rackspace, VPS.NET, Amazon, and Gigenet) have implemented this or a similar fix. Some services “derived” from VPS.NET might still be vulnerable, though. I also imagine this issue still exists within private cloud implementations run by a single organization or several partners.
Instead of just zeroing out the disk as the article suggests, the paranoid person in me would recommend a pass of pseudo-random bits. And if you’re really paranoid, or have to meet some yet-to-be-written regulation, maybe two or three passes are necessary.
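To make the mechanism concrete, here is a small Python model of a shared block store that I have added for this post; it is not code from Context, TechWeekEurope or any provider, and all names, block sizes and sample data in it are constructed. It shows why unlinking alone leaks a previous tenant’s bytes into the next tenant’s fresh disk, what zero-on-release and a random-pass policy each do about it, and how a tenant could check a newly provisioned disk for residue.

```python
import secrets

BLOCK_SIZE = 512  # constructed: a tiny block size keeps the model readable


class BlockPool:
    """Toy model of a provider's shared block store (not any vendor's code).

    Blocks are handed to tenants' virtual disks and returned on delete. The
    scrub policy decides what happens to a block when it is released:
      'none'   -> only the mapping is dropped; the bytes stay (the dirty disk)
      'zero'   -> overwrite with zeros before the block can be reused
      'random' -> overwrite with one pass of pseudo-random bytes
    """

    def __init__(self, n_blocks, scrub="none"):
        if scrub not in ("none", "zero", "random"):
            raise ValueError("unknown scrub policy: %r" % scrub)
        self.blocks = [bytearray(BLOCK_SIZE) for _ in range(n_blocks)]
        self.free = list(range(n_blocks))  # used as a LIFO free list
        self.scrub = scrub

    def allocate(self, count):
        # Like a thin-provisioned store, allocation does not clear the blocks:
        # whatever is physically there becomes visible to the new owner.
        if count > len(self.free):
            raise MemoryError("pool exhausted")
        return [self.free.pop() for _ in range(count)]

    def release(self, block_ids):
        for i in block_ids:
            if self.scrub == "zero":
                self.blocks[i][:] = bytes(BLOCK_SIZE)
            elif self.scrub == "random":
                self.blocks[i][:] = secrets.token_bytes(BLOCK_SIZE)
            # 'none': the pointer disappears, the data does not
            self.free.append(i)


class Volume:
    """A tenant's virtual disk: the list of pool block ids it may read/write."""

    def __init__(self, pool, size):
        self.pool = pool
        self.ids = pool.allocate(size)

    def write(self, block_no, data):
        self.pool.blocks[self.ids[block_no]][:len(data)] = data

    def read(self, block_no):
        return bytes(self.pool.blocks[self.ids[block_no]])

    def delete(self):
        self.pool.release(self.ids)
        self.ids = []


def leaked_to_next_tenant(scrub, secret):
    """Tenant A writes `secret`, deletes its disk; tenant B is then given a
    new disk from the same pool. Returns True if B can read A's bytes."""
    pool = BlockPool(n_blocks=4, scrub=scrub)
    a = Volume(pool, 2)
    a.write(0, secret)
    a.delete()
    b = Volume(pool, 2)  # B receives the blocks A just handed back
    return any(secret in b.read(n) for n in range(2))


def nonzero_blocks(vol):
    """Tenant-side check: read every block of a freshly provisioned disk and
    report those that are not all zeros. Only meaningful when the provider's
    promise is zero-on-release."""
    return [n for n in range(len(vol.ids)) if any(vol.read(n))]


def audit_fresh_disk(scrub, secret):
    """Same scenario as leaked_to_next_tenant, but returns which blocks of
    B's new disk a zero-residue audit would flag under the given policy."""
    pool = BlockPool(n_blocks=4, scrub=scrub)
    a = Volume(pool, 2)
    a.write(0, secret)
    a.delete()
    return nonzero_blocks(Volume(pool, 2))


if __name__ == "__main__":
    s = b"tenant-A: db_password=constructed-sample"  # constructed sample data
    for policy in ("none", "zero", "random"):
        print(policy, "leaks:", leaked_to_next_tenant(policy, s),
              "audit flags blocks:", audit_fresh_disk(policy, s))
```

Running it shows the trade-off between the two scrub policies: under `none` tenant B reads A’s bytes straight off its “new” disk; under `zero` nothing leaks and B can verify the provider’s promise for itself by reading back all zeros; under `random` nothing leaks either, but every block of the fresh disk is non-zero, so a tenant cannot tell scrubbed noise from leaked data by inspection and has to trust (or have attested) that the scrub actually ran.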
Research by Context Information Security, conducted last year and published yesterday, has uncovered data security flaws in the cloud infrastructure services of several providers, including Rackspace and VPS.NET.
The problem lies in data separation between virtual machines using the same storage drives. The vulnerability could give attackers unauthorised access to deleted customer data that is still invisibly present on the drives. The simplest solution is to “zero” format the hard drives after files have been deleted, making the information unrecoverable.
While Rackspace gave Context access to their engineers, executives and processes to fix the vulnerability, VPS.NET says it has resolved the problem on its own by rolling out a patch.
Context warns that the OnApp Cloud solution, on which VPS.NET is based, is used by over 250 cloud providers worldwide, and that there could be thousands of virtual machines at potential risk.
Besides this problem and VM escapes, what other problems do you think we face? Let us know in the comments below. Today’s post pic is from UAAFan.blogspot.com. See ya!