Nerval's Lobster writes: The cybercrime market has taken to the conveniences of cloud computing just as devotedly as the rest of the technology-using world, to the point that most of the skills relevant to the black-market economy of hacking, cracking, malware and extortion can be rented as cloud-based SaaS, just like Salesforce or Gmail. The same layers of virtualization that have made networked business computing so much more convenient and useful have also given bad guys much easier access to both physical and virtual servers within previously-secure datacenters. A group of engineering researchers from MIT has demonstrated one approach to making secure servers harder to access using a physical system that prevents attackers from reading a server’s memory-access patterns to figure out where and how data are stored. Ascend, which the group demonstrated at a meeting of the International Symposium on Computer Architecture in Tel Aviv in June (PDF), is designed to obscure both memory-access patterns and the length of time specific computations take to keep attackers from learning enough to compromise the server. The approach goes beyond simply encrypting everything on the whole server to try to shut off one of the most direct ways attackers can address the server directly—whether the server is an air-gapped high-security machine sitting in an alarmed and guarded room at the NSA or a departmental server whose security settings are a little too loose. Other ways to try to obscure memory-access patterns were built as applications to run on the server. Ascend is the first time a hardware-only approach has been proposed, and the first to approach an acceptable level of performance, according to Srini Devadas, the Edwin Sibley Webster Professor of Electrical Engineering and Computer Science, the MIT researcher who oversaw the team developing the hardware.