A study of entropy sources in Cloud computers: Random number generation on Cloud hosts

Posted on: 2013-04-07
Degree: M.S
Type: Thesis
University: State University of New York at Binghamton
Candidate: Kerrigan, Brendan
Full Text: PDF
GTID: 2458390008984512
Subject: Engineering
Abstract/Summary:
Most standard security practices of computer systems are based on assumptions that, while true for physical machines, don't translate into the domain of virtualized machines. This work explores the security weaknesses of Cloud computing hosts in regard to services that require a good source of cryptographically strong random numbers. Because of Cloud computers' reliance on virtualization, access to hardware RNG sources is restricted, and virtualization can have unforeseen effects on OS entropy sources.

In this thesis, two types of attacks on random number generation are studied and a Cloud Entropy Management System is proposed. One attack is based on depleting a shared entropy pool; the other is based on poisoning the entropy pool of a Cloud computer instance by exploiting OS entropy generation mechanisms. Through experimental study, it is verified that there are measurable problems with entropy in Cloud instances, and a management system is introduced that effectively solves them.
Keywords/Search Tags:Entropy, Cloud, Sources, Random, Generation