by davidpelaez 3656 days ago
It's very hard with posts like this to understand the true reach of the problem: is this like having ssh with "password" as the password or is it something much less dangerous? Is this something that could be exploited without Amazon team messing with the hypervisor providing your VM or something a third party can exploit? If this is a problem with Amazon then I think it's not a real problem for many people: it's inevitable to have a trust contract with them, it's pretty much essential to the notion of the cloud. They could be effectively violating their physical security rules for employees and installing modified code on the hypervisor but they still give us hints and certifications as to why that's not the reason and we need to choose to pick that or not. I just wanted to ask because I'm not an expert on this at all and I always find myself asking, how bad is this indeed and under what assumptions is it a security problem? Any hints to understand this are much appreciated! :)
2 comments

The abstract answers this: any other tenants (aka third party) running on the same physical machine as your VM can steal the 2048-bit RSA keys stored in your VM. Not specific to Amazon, works with any cloud provider, there was a paper a number of years ago about this.
> it's inevitable to have a trust contract with them, it's pretty much essential to the notion of the cloud.

I disagree. It's possible to make good use of public infrastructure without handling any important secrets on public machines. Under certain threat models, you have to assume public infrastructure is vulnerable to coercion of the providers and side-channel attacks from co-tenants. As we are beginning to see, providers have the tools and processes to comply with coercive demands (RAM/disk dumps) and co-tenants can feasibly succeed in obtaining secrets via side-channel attacks.

Under models like this, public infrastructure is still useful for storing and routing encrypted information, enabling NAT traversal, and distributing signed material which can be authenticated at the client.