At one point in the distant past—before VMware popularized the idea of getting more work out of a server by lying to it about how many operating systems were running on it—everything in the datacenter stayed where it was, most of the time. All datacenter managers had to do to protect their assets was keep the data where it was and keep away people who shouldn’t have access to it.
For most of the past decade—during which IT administrators complained about the slow spread of virtualization—IT vendors furiously slashed the connections between hardware and software, in order to build a more efficient, more egalitarian information infrastructure.
That infrastructure, filled with dozens of remote-access methods to keep BYOD-toting end users connected to their data, makes it far easier for users and admins to access servers or data without worrying about where either is physically located. But that infrastructure can also facilitate hackers, who can use remote access to compromise physical servers so completely that they can charge others for access. For example, security vendor AlienVault discovered one service that had about 400 customers lining up to buy access to hacked-and-rooted servers for around $5 per hour.
The cybercrime market has taken to the conveniences of cloud computing just as devotedly as the rest of the technology-using world, to the point that most of the skills relevant to the black-market economy of hacking, cracking, malware and extortion can be rented as cloud-based SaaS, just like Salesforce or Gmail, according to a McAfee report titled “Cybercrime Exposed.”
McAfee was even able to divide the cybercrime-cloud market into subcategories such as Research-as-a-Service, which hackers can use to find new targets and learn the best ways to not get caught.
Crimeware-as-a-Service supplies malware, spyware, bots, malware control systems and other hands-on cracking tools to all comers. Hacking-as-a-Service lets those with a yen for information but not for hacking just buy stolen data directly—credit-card and PayPal access information, Western Union accounts, and so on.
The upshot is that the same layers of virtualization that have made networked business computing so much more convenient and useful have also given bad guys much easier access to both physical and virtual servers within the previously-secure datacenters.
A group of engineering researchers from MIT has demonstrated one approach to making secure servers harder to access using a physical system that prevents attackers from reading a server’s memory-access patterns to figure out where and how data are stored.
Ascend, which the group demonstrated at a meeting of the International Symposium on Computer Architecture in Tel Aviv in June, is designed to obscure both memory-access patterns and the length of time specific computations take to keep attackers from learning enough to compromise the server. The approach goes beyond simply encrypting everything on the whole server to try to shut off one of the most direct ways attackers can address the server—whether the server is an air-gapped high-security machine sitting in an alarmed and guarded room at the NSA or a departmental server whose security settings are a little too loose.
Other ways to try to obscure memory-access patterns were built as applications to run on the server. Ascend is the first time a hardware-only approach has been proposed, and the first to approach an acceptable level of performance, according to Srini Devadas, the Edwin Sibley Webster Professor of Electrical Engineering and Computer Science, the MIT researcher who oversaw the team developing the hardware.
At its most basic, Ascend works not by encrypting streams of data, but by keeping both applications and the server’s CPU from full access to the memory addresses within the server’s DRAM—and by keeping malware or other software designed to eavesdrop on the communication between CPU and RAM from doing so while they’re actually running.
The protocol in question is a security specification being developed as a possible standard; it’s known as path-oblivious RAM (PDF), or Oblivious RAM (ORAM).
Ascend rebuilds memory addresses into a tree, attaching each user, application or other resource to the tree and routing every request for a memory access through the whole tree until it finds the one it’s looking for. That process “only [adds] about a factor of three or four overhead in performance,” Devadas said in a statement from the MIT Press Office. “People would have thought it would be a factor of 100.”
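To make the tree idea concrete, here is a toy Path ORAM in Python, added as an illustration and not taken from the Ascend paper or MIT's hardware. It follows the published Path ORAM scheme in simplified form (no encryption or dummy padding, unbounded stash), and the class, method and field names are hypothetical.

```python
import random

class PathORAM:
    """Toy Path ORAM: a binary tree of buckets, a position map and a stash."""
    def __init__(self, height=3, bucket_size=4, rng=None):
        self.L, self.Z = height, bucket_size
        self.rng = rng or random.SystemRandom()
        self.tree = [[] for _ in range(2 ** (height + 1) - 1)]  # heap layout
        self.pos = {}     # block id -> leaf index (kept on the trusted side)
        self.stash = {}   # block id -> data (kept on the trusted side)
        self.trace = []   # bucket indices touched: what a memory-bus observer sees

    def _path(self, leaf):
        """Bucket indices from the root (index 0) down to the given leaf."""
        node = leaf + 2 ** self.L - 1
        path = [node]
        while node:
            node = (node - 1) // 2
            path.append(node)
        return path[::-1]

    def access(self, block, data=None):
        """Read (data=None) or write a block; every call touches one full path."""
        leaf = self.pos.get(block, self.rng.randrange(2 ** self.L))
        # Remap to a fresh random leaf so the next access takes an unrelated path.
        self.pos[block] = self.rng.randrange(2 ** self.L)
        path = self._path(leaf)
        for node in path:                    # pull the whole path into the stash
            self.stash.update(self.tree[node])
            self.tree[node] = []
        value = self.stash.get(block)
        if data is not None:
            self.stash[block] = data
        for depth in range(self.L, -1, -1):  # write back, deepest bucket first
            node = path[depth]
            fits = [b for b in self.stash
                    if self._path(self.pos[b])[depth] == node][:self.Z]
            self.tree[node] = [(b, self.stash.pop(b)) for b in fits]
        self.trace.append(tuple(path))
        return value

if __name__ == "__main__":
    oram = PathORAM()
    oram.access("acct-42", "constructed sample record")
    for _ in range(5):
        oram.access("acct-42")               # same block, five times
    print(oram.trace)                        # paths differ although the block does not
```

Reads and writes are indistinguishable in the trace because both fetch and rewrite one complete root-to-leaf path, which is also where the constant-factor overhead comes from.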
There’s just one small problem: Ascend doesn’t exist as a product yet. While there’s a paper describing the platform’s design and operation (PDF), Devadas and his team haven’t announced any plans to build a commercial version.