Running a virtual machine on any public cloud carries an inherent security risk: the cloud service provider.
The cloud service provider may take a snapshot of the virtual machine at any time, giving it access to any data available at the moment of the snapshot, even to encrypted data. It may also suspend the virtual machine to maliciously inject a rootkit into the virtual machine's memory, no matter whether it is running Windows, Linux or any other operating system.
Call me paranoid. But besides those sophisticated attack scenarios there are much simpler ones, like just peeking at the virtual disk. Either way, this allows data privacy violations as well as industrial espionage by a cloud service provider, regardless of whether it acts on its own or is forced to by a court or an intelligence service.
And do not forget that the Washington Post has shown that U.S. intelligence runs a program called PRISM to secretly mine data from U.S. internet companies.
So it may be of some interest to the internet community to create a secure public cloud setup (SPC, let's call it spice) with Interactive Cloud OS, or any other Linux, that is not vulnerable to unrestricted and unnoticed access to private data.
But how could a user protect his data or virtual machines in a public cloud? Some requirements come to mind:
- Any access to a virtual machine or its disks will be logged and shown to the user.
- Any user should be able to check at any time that the running OS hasn’t been altered.
- The running OS should be open source, thus allowing the community to check for back doors.
At first glance it looks impossible to meet these requirements.
But, on the other hand, Interactive Network has already developed the award-winning system Intermediär, which has similar requirements and is used to ensure high-grade data privacy for the German Haemophilia Register. Using a combination of digital signatures, cryptographic functions and organisational conditions, Intermediär is protected against any unnoticed alteration or eavesdropping, including hardware-based attacks such as key loggers.
So it ought to be possible to meet the requirements after all.
But even if there is a chance to fail, creating an open source process to SPiCe up the cloud would be worth the effort, wouldn’t it?
Feel free to join the discussion.