Secure Public Cloud Setup? An idea…

Running a virtual machine on any public cloud has an inherent security risk: The cloud service provider.

The cloud service provider may take a snapshot of the virtual machine at any time. Thus allowing him access onto any data available at the moment of the snapshot, even onto encrypted data. Or to suspend the virtual machine to maliciously inject a root kit into the virtual machines memory, no matter if it’s running Windows or Linux or any other Operating System.

Call me paranoid. But besides those sophisticated attack scenarios there are much simpler ones, like just peeking the virtual disk. Anyhow, this allows data privacy violation as well as industrial espionage by a cloud service provider, regardless if he acts on his own or is forced by court or an intelligence service.

And do not forget, that the Washington Post has shown that the U.S. intelligence runs a program called PRISM to secretly mine data from U.S. internet companies.

So it may be of some interest for the internet community to create a secure public cloud setup (SPC — let’s call it spice) with Interactive Cloud OS –or any other Linux– which is not vulnerable to unrestricted and unnoticed access to private data.

But how could a user protect his data or virtual machines in a public cloud? Some requirements come to mind:

  • Any access on a virtual machine or its disks will be logged and shown to the user.
  • Any user should be able to check at any time that the running OS hasn’t been altered.
  • The running OS should be open source, thus allowing the community to check for back doors.

At a first glance it looks impossible to achieve the requirements.

But, on the other hand, Interactive Network already developed award winning system Intermediär with similar requirements which is used to ensure high grade data privacy for the German Haemophilia Register. Using a combination of digital signatures, cryptographic functions and organisational conditions Intermediär is protected against any unnoticed alteration or eavesdropping, including hardware based attacks, like key loggers.

After all it ought to be possible to achieve the requirements.

But even if there is a chance to fail, creating an open source process to SPiCe up the cloud would be worth the effort, wouldn’t it?

Feel free to join the discussion.

Please recommended us:

6 thoughts on “Secure Public Cloud Setup? An idea…

  1. Elvin Eschrich

    Data backup online is not too hard. My computer documents are all encrypted at http://[….] Their cloud is fastand also free.

    1. Ralf Herrmann Post author

      You’re right about being safe if you encrypt your online backups. But we’re talking about running virtual machines here. Encrypting your data won’t help you if you’re running a blog, a forum or a CAD-system as you need to supply the encryption key for processing the data.

    2. John

      Hi Elvin,
      you might want to tell your provider that we gonna distribute a free and secure OS (hopefully so secure, NSA and other agencies cannot break!)
      He may want to save some bucks instead of paying for licence fees 😉

      1. Concepcion

        Thank you explaining cloud computing. I’ve used Outlook Exchange for awhile now, but I have recently started looking into applications based in the cloud, like Evernote. When it comes time for me to purchase one, I will definitely need to look hard at those that are cloud based.

  2. Angie

    Those are good ideas and resources. In my exeepirnce, everyone suffers from slow pc and internet speeds. The problem is, after using your computer long enough junk collects in the registry and your computer performance slows down (much like a car needing an oil change).

Comments are closed.