2012.04.27

Every now and then I hear someone complaining about how long it takes to create a fixed VHD/VHDX.  There’s a very good reason, as this story on NetworkWorld shows:

A forensic IT study by a U.K. security consultancy found that some multi-tenant public cloud providers have "dirty disks" that are not fully wiped clean after each use by a customer, leaving potentially sensitive data exposed to other users.

FYI, AFAIK most of the mentioned companies are using some variant of Xen or vSphere.  The issue here is that Customer A buys a VM and uses it to store data in a virtual disk.  That virtual disk is a file stored on a physical disk.  Customer A eventually decommissions the VM or their storage is relocated.  Now think about what a delete really is; it’s not a secure delete.  Deleting a file simply removes the entries from the file system table.  The 1s and 0s are still there on the physical disk, waiting to be read.

Now along comes Hacker B who buys a VM and deploys it.  Their VHD is placed on the same region of physical disk as Customer A’s old VM.  Without any security measures, Hacker B can simply run a disk scan tool from within their VM and find those 1s and 0s, in effect performing basic disk forensics to recover the “deleted” data that Customer A previously stored in their VM.  And that’s exactly what the study found was possible with a number of public cloud providers:

… Rackspace and VSP.net had the vulnerability.

The Microsoft developers of VHD/VHDX were aware of this and took measures to prevent it.  When you create a fixed VHD/VHDX, the contents of the file are securely wiped as the file is created.  This prevents access to data that was previously on the underlying physical disk.  Disk forensics will get you nowhere.

A number of third-party tools are out there to instantly create fixed VHDs, but they fail to implement this secure wipe so that the process can be sped up, thus putting the hosting company at risk of this threat.  In this case, it is a matter of balancing a genuine security risk (especially in a public cloud) against performance (of deploying new virtual machine storage while the customer watches a progress bar on a web portal).
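To make the risk described above concrete, here is a small simulation, added as an example and not code from the original post or from Microsoft. It models the physical disk as a byte array carved into 512-byte sectors, a "delete" that only drops the allocation-table entry (as a normal file delete does), and a "create" that either zero-fills the sectors first (what the post says fixed VHD/VHDX creation does) or hands them over untouched (what the instant-create tools do). The `find_residue` function is the check a hosting operator can run against a freshly provisioned virtual disk: anything it returns was left behind by a previous occupant of the same physical sectors. The class, function and tenant names, and the secret string, are all constructed for this example.

```python
"""Data remanence in a shared storage pool: a constructed simulation."""
import re

SECTOR = 512  # bytes per sector in the simulated physical disk


class StoragePool:
    """A tiny multi-tenant storage pool: one physical disk, one allocation table."""

    def __init__(self, sectors: int):
        self.disk = bytearray(SECTOR * sectors)  # the shared physical disk
        self.free = list(range(sectors))          # free sector numbers, lowest first
        self.table = {}                           # tenant -> list of sector numbers

    def create_vdisk(self, tenant: str, sectors: int, zero_on_create: bool = True):
        """Carve a fixed-size virtual disk out of the pool.

        zero_on_create=True overwrites every sector with zeros before the tenant
        gets it (the secure wipe the post describes for fixed VHD/VHDX).
        zero_on_create=False hands the sectors over as-is (the instant-create shortcut).
        """
        if len(self.free) < sectors:
            raise ValueError("pool exhausted")
        chosen = [self.free.pop(0) for _ in range(sectors)]
        if zero_on_create:
            for s in chosen:
                self.disk[s * SECTOR:(s + 1) * SECTOR] = bytes(SECTOR)
        self.table[tenant] = chosen
        return chosen

    def write(self, tenant: str, offset: int, data: bytes):
        """Write data into the tenant's virtual disk at a byte offset."""
        sectors = self.table[tenant]
        for i, b in enumerate(data):
            s, off = divmod(offset + i, SECTOR)
            self.disk[sectors[s] * SECTOR + off] = b

    def delete_vdisk(self, tenant: str):
        """Plain delete: forget the mapping, return the sectors, leave the bytes in place."""
        self.free.extend(self.table.pop(tenant))
        self.free.sort()

    def read_raw(self, tenant: str) -> bytes:
        """Everything the tenant can see by scanning its own virtual disk end to end."""
        return b"".join(self.disk[s * SECTOR:(s + 1) * SECTOR] for s in self.table[tenant])


def find_residue(raw: bytes, min_len: int = 8):
    """Defender's check: printable runs inside a region that should be all zeros.

    Run it over a newly created virtual disk before handing it to a customer;
    a non-empty result means the creation path skipped the wipe.
    """
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, raw)]


def demo(zero_on_create: bool):
    """Customer A stores a secret, is decommissioned, tenant B gets the same sectors."""
    pool = StoragePool(sectors=8)
    pool.create_vdisk("customer_a", 4)
    # Constructed secret, stands in for whatever Customer A kept on their disk.
    pool.write("customer_a", 100, b"customer_a: db_password=CONSTRUCTED-EXAMPLE")
    pool.delete_vdisk("customer_a")  # VM decommissioned: a normal, non-secure delete
    pool.create_vdisk("tenant_b", 4, zero_on_create=zero_on_create)  # same sectors reused
    return find_residue(pool.read_raw("tenant_b"))


if __name__ == "__main__":
    print("instant create, no wipe:", demo(zero_on_create=False))
    print("zero-filled on create:  ", demo(zero_on_create=True))
```

With the wipe skipped, tenant B's very first scan of an apparently empty disk returns Customer A's string; with zero-on-create, the same scan returns nothing. The slow part of creating a fixed VHD/VHDX is exactly the loop that writes zeros over every sector, which is why the "instant" tools are faster and why that speed is paid for in data left behind.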

The story continues to report that the mentioned affected hosting companies resolved the issue after they were informed.

  1. Creating a secure .vhdx disk makes sense in many cases, but no sense in others. If I’m creating a .vhdx on a new server, I shouldn’t have to sit and wait for hours while the disk is created. There should be an option (the same way you have the option to quick format a disk) to create a .vhdx quickly. Just my two cents.
