‘Cloud’ Gets More Secure

Thursday, December 2, 2010 @ 08:12 AM gHale


There is now a way to update computer systems packaged in virtual machines in a computer “cloud,” even when those programs are offline.
Nuwa, the new cloud computing patch tool developed by North Carolina State University and IBM, protects virtual machines (VMs) from cyber-attacks by ensuring they always receive important security upgrades. In addition, researchers determined offline application of security patches is more than four times faster than online patch application. They named the tool after a Chinese goddess who patched a hole in the sky.
“We’ve designed a way to patch these virtual machines while they are offline, so that they are kept up to date in terms of security protection,” said Dr. Peng Ning, professor of computer science at NC State and co-author of a paper describing the research. “Current patching systems are designed for computers that are online and they don’t work for dormant computers or virtual machines. The tool we developed automatically analyzes the ‘script’ that dictates how a security patch is installed, and then automatically re-writes the script to make it compatible with an offline system.”
Nuwa leverages a collection of techniques developed by IBM called Mirage. They see use to perform efficient offline introspection and manipulation of a large collection of VM images, to allow cloud administrators to patch multiple VMs simultaneously. A program already exists that allows cloud computing systems to operate more efficiently by saving one version of a computer file used by multiple VMs – rather than saving the same file repeatedly for each individual VM. Nuwa takes advantage of this technology and, by patching one file, can ultimately protect all of the VMs that use that file.
NC State and IBM have successfully tested and evaluated Nuwa on the IBM Research Compute Cloud, used by IBM researchers worldwide.
Cloud computing enables users to create VMs on one large computing platform, with each VM being able to perform various computer functions. It is so easy to create these VMs that businesses and individuals will often create them to perform very specific tasks on a periodic basis. Because these VMs see infrequent use, they often stay dormant for extended periods of time, so they are not consuming energy and computer resources when not in use.
These dormant periods pose a significant security problem, because offline VMs do not receive security upgrades, known as patches. This leaves the VMs vulnerable to cyber-attacks when they come back online. The VMs are vulnerable if left dormant for months, and they missed significant patches.



Leave a Reply

You must be logged in to post a comment.