Uni-Logo
Sections
You are here: Home About Us News User information on ZombieLoad, Spectre and Meltdown in the bwCloud SCOPE and de.NBI
Document Actions

User information on ZombieLoad, Spectre and Meltdown in the bwCloud SCOPE and de.NBI

May 20, 2019 01:48 PM

The issues and security breaches caused by ZombieLoad, Spectre and Meltdown are also troubling the bwCloud SCOPE team. However, we are observing the developments first and waiting to see which security measures make sense, in order to continue to offer a high-performance operation-

ZombieLoad, Spectre and Meltdown don´t only affect the bwCloud SCOPE processors, but also the de.NBI Cloud compute nodes. The hardware equipment contains Intel as well as AMD nodes. The security breaches affect all processors, thus not only Intel, but also AMD nodes.

Ideas regarding the handling of potential secuirity issues in the bwCloud SCOPE at the Freiburg location:

The bwCloud SCOPE is a semi-private cloud – with definied user group – the main focus of which is to compute. bwCloud administrators take care of bwCloud SCOPE and de.NBI cloud infrastructures. The latter currently does not have any user VMs, but everything is moderated thorugh the Galaxy framework. bwCloud SCOPE users are bound to the terms and conditions of the cloud and their respective IT Services user agreements (https://www.bw-cloud.org/de/bwcloud_scope/terms_conditions), to which every user had to agree when booking a virtual resource.

Users should, as always, check: What „secrets“, such as keys, certificates, password files etc. are even on the cloud. The objective is to save as little of this type of data on there as possible. This also applies to any personal data or data that need extra care. Although, in the bwCloud SCOPE and in the de.NBI, certain users and user groups were assigned different dedicated nodes.

As soon as the security breach ZombieLoad was made public, the bwCloud SCOPE administration initiated various steps to secure a safe, but still high-performance operation. Further information regarding ZombieLoad can be found here https://www.heise.de/newsticker/meldung/Neue-Sicherheitsluecken-in-Intel-Prozessoren-ZombieLoad-4421217.html or here, directly: https://zombieloadattack.com/ to Meltdown and Spectre https://www.heise.de/thema/Meltdown-und-Spectre
 

Personal tools