So some cloud service providers like Amazon use custom hardware to improve different characteristics of their servers. This also means they can control the security better, because there is nothing hidden inside their silicon since they made it. But as a consumer, you don't know if AWS itself could have hardware or firmware on these custom servers for doing stuff with your application/processes.

What I'm wondering is what you can do purely from the motherboard or server / hardware level. The types of things that can be injected directly into the circuit design or the design of some other random hardware component that you would never be able to tell from an application-layer perspective. Wondering what can be done from here.

For clarification on the types of things I am looking for, here is an example. I don't know too much about the electronics of how networking and Wi-Fi work, but maybe there is a way to add some chunk of invisible hardware that sends every instruction and every 1 and 0 out to a specific local IP address or something, and then from there you could simply build applications around that to log all traffic to every server. Basically, you could know how every program is run. Wondering if this type of stuff is possible at the hardware level, or if you need more operating-system-level stuff to accomplish this.

Lance
    They didn't make 100% of it. It's not like they own their own fab. – forest Dec 18 '18 at 11:23
  • Also, computers process billions of instructions per second. There's no way it could all be exported in real time. But hardware (or firmware) could absolutely spy on the underlying operating system. – forest Dec 18 '18 at 11:28
  • Cloud service providers do not need to build custom hardware or be "invisible". They can just simply copy traffic that is running across their network. This is standard functionality of networking hardware. – schroeder Dec 18 '18 at 11:53
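The comments above make a bandwidth argument (a full instruction trace cannot leave the box in real time) and a capability argument (hardware can still spy selectively). The following back-of-the-envelope estimate is an added example, not part of the original question or comments; every parameter in it (core count, clock, instructions per cycle, bytes per instruction, NIC speed, size of a leaked secret) is an assumption chosen for illustration. It compares what streaming every executed instruction would cost against what leaking one small secret per second costs.

```python
"""Added estimate (not from the original post): bandwidth a hardware tap would
need to stream a full instruction trace, versus what it needs to leak a secret.
All numbers below are illustrative assumptions, not measurements of any product."""


def trace_bandwidth_bps(cores, ghz, ipc, bytes_per_instruction):
    """Bits per second needed to ship the raw encoding of every retired
    instruction off the machine. ipc = instructions retired per cycle per core.
    Operand values and memory contents are ignored, so this is a lower bound."""
    instructions_per_sec = cores * ghz * 1e9 * ipc
    return instructions_per_sec * bytes_per_instruction * 8


def exfil_bandwidth_bps(secret_bytes, seconds_between_leaks):
    """Bits per second needed to leak one small secret (e.g. a key) periodically."""
    return secret_bytes * 8 / seconds_between_leaks


def fits(needed_bps, link_bps):
    """True if the required rate is within the assumed exfiltration link."""
    return needed_bps <= link_bps


def compare(link_gbps=25.0):
    """Contrast the two exfiltration strategies against one assumed NIC.

    Assumptions: 64 cores at 3.0 GHz retiring 1 instruction/cycle each, an
    average encoding of 4 bytes per instruction (roughly x86-like), a 25 Gbit/s
    link, and a 32-byte secret leaked once per second."""
    link = link_gbps * 1e9
    full = trace_bandwidth_bps(cores=64, ghz=3.0, ipc=1.0, bytes_per_instruction=4)
    key = exfil_bandwidth_bps(secret_bytes=32, seconds_between_leaks=1.0)
    return {
        "full_trace_gbps": full / 1e9,          # 6144 Gbit/s for the trace alone
        "full_trace_fits": fits(full, link),    # False: ~246x the link
        "ratio_to_link": full / link,
        "key_leak_bps": key,                    # 256 bit/s
        "key_leak_fits": fits(key, link),       # True: trivially hidden in noise
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The point the numbers make is the one both commenters make: a wholesale copy of "every instruction and 1 and 0" is off by orders of magnitude even before operands and memory traffic are counted (real on-chip tracing facilities such as Intel Processor Trace emit compressed control-flow packets rather than raw instruction bytes for exactly this reason), but a selective implant that waits for something small and valuable needs almost no bandwidth at all, so infeasibility of the first does not imply safety from the second.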

1 Answer

Amazon can do absolutely anything they want with custom hardware. Make copies of your passwords before you get a chance to hash them? Sure. Send every credit-card number they see to the Russian Mafia? Sure. Corrupt the results of your scientific-computing effort, then publish a paper with the real results before you get a chance? Sure. It's all a question of how much effort they're willing to put into it.

From the 10 Immutable Laws of Security:

Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore

With cloud computing, it was never your computer to begin with.

Mark