Previous Page

Mulligan Security - 21 / 01 / 2025

How safe am I from my cloud provider?

Since the 2010's VPS have become cheaper and widely available. From your local mom and pop datacenter where you can rent a baremetal Pi equivalent to highly secured Amazon datacenters and on-demand cpu/bandwidth allocation you can now find a broad range of options for your operational and security needs.

If clandestinity is a requirement, there also are cryptocurrency-based options in jurisdictions without LEO cooperation treatises with your own.

But, what if the adversary is already inside?
in this post we are going to do a threat modelling exercise:

1. Context and assumptions: what are the capabilities of our adversary? what about our own OPSEC requirments?
2. Threats: what the adversary might want to acomplish (their goal)
3. Attack Scenarii: a quick list of possible attacks
4. Mitigation measures: what we can do to make those attack uneconomical, harder

Let's start with an image to visualize exactly what the trust and security boundaries are in such a setup

Context and assumptions

Setting up the scene

Alice wishes to start hosting a coordination platform for her activist group, but she doesn't want to host the platform herself for the following reasons:

• Shes does not want to have incriminating data in her house
• She is unable to provide the required level if high availability for her group's safety and operational standards
• She has limited bandwidth/electricity to devote to her cause

She gets in touch with Bob, owner and operator of Bob's friendly datacenter, and orders from him a VPS (Virtual Private Server). Bob's pretty open-minded so Alice is free to use whatever OS she wants, gets a public IP.

Enters Leo

One day Bob's phone rings, it's Leo calling! Leo asks Bob to confirm that he indeed has Alice as a customer. Without further ado, Leo pays Bob a visit! After entering the premises and showing a government agency badge, Leo asks for complete access to Bob's infrastructure and binds him with a gag order to make sure no one hears about his investigation. Even if Bob is sympathetic to Alice or wishes to protect his customers he would now run afoul of his country's laws if he were to warn them. Leo might have been nice to him but he is not to be trifled with...

Leo sets up shop

Commandeering an office in Bob's datacenter, Leo gets to work. He has plenty of options:

1. Network sniffing: Leo can capture and log ALL trafic related to Alice's activity inside Bob's datacenter, so he will know the IP of everyone interacting with her platform
2. Firmware/hardware attacks: during maintenance windows, Leo could tamper with the BIOS/UEFI of Alice's server (if she had chosen a bare-metal option), or with her server's storage devices in order to deactivate encryption or exfiltrate data unnoticed
3. Memory attacks: Leo is able to take snapshots of Alice's VPS RAM to gather information about her activities. If she had chosen a bare-metal server he could cut the power, extract and refrigerate the RAM sticks in order to retrieve the data, but such an attack would be very conspicuous

Alice's threat model

Alice is very happy with her new deployment. The platform runs great and her team has started using it in earnest. Still, the bond of implicit trust that now exists between her and Bob bothers here. She decides to do a quick threat modelling exercise to calm her mind: instead of wondering about whatifs, she is going to identify the risks associated with her current setup and find ways to mitigate them.

Threats to Confidentiality

If Bob was dishonest (or compelled into acting dishonestly), he would be able to harvest information directly from her server's memory! (She doesn't know Leo is already hard at work)

Impacted assets

• decryption keys (eg: her https private key, allowing for complete decryption of her team's traffic)
• sensitive data (ephemeral private messages on her forum that arer only kepy in RAM in an unencrypted form)
• software state (session cookies, metadata)

Bob could also use side-channel attacks by monitoring the underlying server's power usage or run cache timing attack to find the value of her cryptographic secret keys even if Bob's hardware allows her to store them in a dedicated secure chip!

Threats to integrity

Someone with Bob's level of access (he is the administrator of the hypervisor - the software that runs Alice's virtual server) could also:

• Run an evil maid attack: inject thir own code in the bootloader, in Alice's OS image or inside the hypervisor which Alice can't monitor
• Through the hypervisor, tamper with Alice's virtual machine to compromise it

Threats to availability

Having access to the physical layer of the network as well as the power grid feeding the servers, Bob could disrupt Alice's operations in the following way:

• Disconnect Alice's VM from the network
• Throttle Alice's network traffic
• Cut the power off to Alice's host server to perform a cold boot attack

VPS Attack scenarios

Live RAM extraction

Attack

Bob makes a RAM snapshot of the virtual machine. on a VPS it is very easy and can be done without notice.

Countermeasures

This one is very tricky and can't be addressed without renting a bare-metal server instead. Alice would need hardware that supports RAM encryption (such as AMD SEV and SME).

Malicious Libvirt or Xen Interception

Attack

Bob modifies the hypervisor's behavior to manipulate network, disk, or console input/output in real time. Can inject fake SSH authentication prompts or steal plaintext database queries before they reach encrypted storage.

Countermeasures

None, this would be undetectable from within the VPS.

Covert Persistent Backdoor via VMState Injection

Attack

Bob can embed custom logic in the hypervisor to modify the VPS state after every reboot, reinfecting it persistently. Similar to NSA’s DEITYBOUNCE attack, where malware implants are injected into firmware or hypervisor layers to reinfect systems post-wipe.

Countermeasures

Hardly any, if the modification has been done directly in the kernel and in such a way that disables rootkit-detection or other security systems then it can't be detected or mitigated

Conclusion

A VPS provides no privacy from a malicious cloud provider. If used, only encrypted data should transit/be stored in it and the decryption keys should never be present anywhere accessible by it.

Bare Metal Attack scenarios

Live RAM extraction

Attack

Bob powers down the serve hosting the vps and extracts its RAM, refrigerate it to analyze its contents

Countermeasures

Alice would need hardware that supports RAM encryption (such as AMD SEV and SME).

This attack is both costly and obvious as it requires the server to go offline. Alice's decides to accept the risk for now and reevaluate based on the evolving sensitivity of the data stored on her server.

BMC Exploitation

Attack

A malicious firmware update is deployed to the Baseboard Management Controller (BMC), providing stealthy persistent access and enabling future compromise of the OS or hypervisor.

Countermeasures

This attack has the same issue as the previous one and could be deployed during a schedule maintenance at Bob's datacenter. Ensuring a TPM is present on the motheboard and only signed firmware updates are accepted is a first step. This wouldn't protect her from a malicious update signed with a legitimate key as some government agency could deploy. Another, better option is to opt for a physical enclosure only she can access in the datacenter and be present during maintenance. Such enclosure would need to be monitored and trigger a server poweroff in case of breach.

Evil Maid Attack

Attack

With physical access to the server, a rogue technician could inject a rootkit into the UEFI to mainain persistance, running their code before the OS loads.

Countermeasures

A physically locked enclosure such as ones used by payment processors in their datacenters would greatly reduce the likelihood of this attack.

Conclusion

Following her analysis, Alice understands that having a VPS gives her no privacy from her cloud provider. That all of her traffic and data can easily be seen, copied or moved. She updates her risk analysis and changes her organization's SOPS so her team can have an appropriate behavior when using the services she hosts on this platform.

Organizational mitigations

• Use of codewords when discussing operations and people
• Use of onion services to protect the anonymity of her teammates when accessing her services
• Use of a separate server with higher security requirements for critical data