Amazon and Microsoft have been pitching cloud-computing services as an inexpensive way to outsource raw computing power, but the products can introduce new security problems that have yet to be fully explored, according to researchers at the University of California, San Diego, and the Massachusetts Institute of Technology.

Cloud services can save companies money by allowing them to run new applications without having to buy new hardware. Services like Amazon's Elastic Compute Cloud (EC2) host several different operating environments in virtual machines that run on a single computer. This lets Amazon squeeze more computing power out of each server on its network, but it may come at a cost, the researchers say.

In experiments with Amazon's EC2, they showed that they could pull off some very basic versions of what are known as side-channel attacks. Side-channel attacks focus on indirect information related to the computer, such as the electromagnetic waves from a screen or keyboard, to determine what is happening on the machine.

The researchers were able to pinpoint the physical server used by programs running on the EC2 cloud, and then extract small amounts of data from those programs by running their own software there to carry out a side-channel attack. Security experts say the attacks the researchers developed are minor, but they believe side-channel techniques could lead to more serious problems for cloud computing.

Many users are already reluctant to use cloud services because of regulatory issues (they need to have a better handle on the physical location of their data), but the side-channel research brings a new set of problems, according to Tadayoshi Kohno, an assistant professor in the University of Washington's computer science department. "It is these types of problems, the threat of the unknown, that will make many people hesitant to use the EC2 cloud service."

In the past, some side-channel attacks have been very successful. In 2001, researchers at the University of California, Berkeley, showed how they were able to extract password information from an encrypted SSH (Secure Shell) data stream by performing a statistical analysis of the way keyboard strokes generated traffic on the network.

The University of California and Massachusetts Institute of Technology researchers were not able to do anything that complex, but they think their work may open the door for future research in this field. "A virtual machine is not proof against all of the various side-channel attacks that we have heard about for many years," said Stefan Savage, an associate professor with the University of California, San Diego, and one of the authors of the paper.

By looking at the computer's memory cache, the researchers were able to collect some basic information about when other users on the same machine were using the keyboard, for example to access the computer through an SSH terminal. In their view, by measuring the time between keystrokes they could eventually work out what is being typed on the machine, using the same techniques as the Berkeley researchers.

Savage and his co-authors Thomas Ristenpart, Eran Tromer and Hovav Shacham were also able to measure cache activity while the computer performed a simple task such as loading a specific web page. In their view, this approach could be used to see, for instance, how many Internet users are accessing a server, and even which web pages they are browsing.

To make their simple attacks work, the researchers not only had to figure out which EC2 machine was running the program they wanted to attack, they also had to find a way to get their own program onto that particular machine. This is not an easy task, because cloud computing is, by definition, supposed to make this kind of information invisible to the user.

However, by doing an in-depth analysis of DNS (Domain Name System) traffic and using a network monitoring tool called traceroute, the researchers were able to develop a technique that gave them a 40% chance of placing their attack code on the same server as their victim. The cost of the attack on EC2 was just a few dollars, Savage said.

Virtual machines can do a good job of isolating operating systems and programs from each other, but there is always an opening for these side-channel attacks on systems that share resources, says Alex Stamos, a partner at security consulting firm iSEC Partners. "This will be a new class of errors that people will have to fix in the next five years."

His company has a number of customers interested in cloud computing, but only if they can rest assured that no one else is sharing the same computer. "I guess the cloud computing providers will be pushed by their clients to provide physical machines."

Amazon was not ready to talk about side-channel attacks on Thursday. "We take all security requirements very seriously and are aware of the research," a spokesman said. "We are investigating and will post updates to our Security Center."