Thomas Ristenpart
Stefan Savage
ABSTRACT
Third-party cloud computing represents the promise of outsourcing as applied to computation. Services, such as Microsoft's Azure and Amazon's EC2, allow users to instantiate virtual machines (VMs) on demand and thus purchase precisely the capacity they require when they require it. In turn, the use of virtualization allows third-party cloud providers to maximize the utilization of their sunk capital costs by multiplexing many customer VMs across a shared physical infrastructure. However, in this paper, we show that this approach can also introduce new vulnerabilities. Using the Amazon EC2 service as a case study, we show that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target. We explore how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine.
- O. Ac1içmez, Ç. Kaya Koç, and J.P. Seifert. On the power of simple branch prediction analysis. IACR Cryptology ePrint Archive, report 2006/351, 2006.Google Scholar
- O. Ac1içmez, Ç. Kaya Koç, and J.P. Seifert. Predicting secret keys via branch prediction. RSA Conference Cryptographers Track - CT-RSA '07, LNCS vol. 4377, pp. 225--242, Springer, 2007. Google ScholarDigital Library
- O. Ac1içmez. Yet another microarchitectural attack: exploiting I-cache. IACR Cryptology ePrint Archive, report 2007/164, 2007.Google Scholar
- O. Ac1içmez, and J.P. Seifert. Cheap hardware parallelism implies cheap security. Workshop on Fault Diagnosis and Tolerance in Cryptography - FDTC '07, pp. 80--91, IEEE, 2007. Google ScholarDigital Library
- Amazon Elastic Compute Cloud (EC2). http://aws.amazon.com/ec2/Google Scholar
- Amazon Web Services. Auto-scaling Amazon EC2 with Amazon SQS. http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1464.Google Scholar
- Amazon Web Services. Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services. White paper, http://awsmedia.s3.amazonaws.com/AWS_HIPAA_Whitepaper_Final.pdf, April 2009.Google Scholar
- Amazon Web Services. Customer Agreement. http://aws.amazon.com/agreement/Google Scholar
- P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. SOSP '03: Proceedings of the nineteenth ACM symposium on Operating systems principles, 2003. Google ScholarDigital Library
- D. Bernstein. Cache-timing attacks on AES. Preprint available at http://cr.yp.to/papers.html#cachetiming, 2005.Google Scholar
- DentiSoft. http://www.dentisoft.com/index.aspGoogle Scholar
- D. Grunwald and S. Ghiasi. Microarchitectural denial of service: Insuring microarchitectural fairness. International Symposium on Microarchitecture - MICRO '02, pp. 409--418, IEEE, 2002. Google ScholarDigital Library
- D. Hyuk Woo and H.H. Lee. Analyzing performance vulnerability due to resource denial of service attack on chip multiprocessors. Workshop on Chip Multiprocessor Memory Systems and Interconnects, 2007.Google Scholar
- W-H. Hu, Reducing timing channels with fuzzy time. IEEE Symposium on Security and Privacy, pp. 8--20, 1991.Google ScholarCross Ref
- W-H. Hu, Lattice scheduling and covert channels. IEEE Symposium on Security and Privacy, 1992 Google ScholarDigital Library
- P. Karger and J. Wray. Storage channels in disk arm optimization. IEEE Symposium on Security and Privacy, pp. 52--56, IEEE, 1991.Google ScholarCross Ref
- O. Kerr. Cybercrime's scope: Interpreting 'access' and 'authorization' in computer misuse statutes. NYU Law Review, Vol. 78, No. 5, pp. 1596--1668, November 2003.Google Scholar
- M. Krohn, A. Yip, M. Brodsky, N. Cliffer, M. F. Kaashoek, E. Kohler, and R. Morris. Information flow control for standard OS abstractions. ACM Symposium on Operating Systems Principles (SOSP), 2007. Google ScholarDigital Library
- M. Krohn, and E. Tromer. Non-Interference for a Practical DIFC-Based Operating System. IEEE Symposium on Security and Privacy, 2009. Google ScholarDigital Library
- Microsoft Azure Services Platform. http://www.microsoft.com/azure/default.mspxGoogle Scholar
- T. Moscibroda and O. Mutlu. Memory Performance Attacks: Denial of Memory Service in Multi-Core Systems. USENIX Security Symposium, pp. 257--274, 2007. Google ScholarDigital Library
- D. A. Osvik, A. Shamir, and E. Tromer. Cache attacks and countermeasures: the case of AES. RSA Conference Cryptographers Track (CT-RSA) 2006, 2006. Google ScholarDigital Library
- D. Page. Theoretical use of cache memory as a cryptanalytic side-channel. Technical report CSTR-02-003, Department of Computer Science, University of Bristol, 2002. Available at http://www.cs.bris.ac.uk/Publications/pub_info.jsp?id=1000625.Google Scholar
- D. Page. Defending against cache-based side-channel attacks. Information Security Technial Report, vol. 8 issue. 8, 2003Google ScholarCross Ref
- D. Page. Partitioned cache architecture as a side-channel defence mechanism. IACR Cryptology ePrint Archive, report 2005/280, 2005.Google Scholar
- C. Percival. Cache missing for fun and profit BSDCan 2005, Ottawa, 2005.Google Scholar
- Rackspace Mosso. http://www.mosso.com/Google Scholar
- RightScale. http://rightscale.com/Google Scholar
- rPath. http://www.rpath.comGoogle Scholar
- scalr. http://code.google.com/p/scalr/Google Scholar
- D. Song, D. Wagner, and X. Tian. Timing analysis of keystrokes and SSH timing attacks. 10th USENIX Security Symposium, 2001. Google ScholarDigital Library
- E. Tromer, D. A. Osvik, and A. Shamir. Efficient cache attacks on AES, and countermeasures. Journal of Cryptology, available online, July 2009. Google ScholarDigital Library
- Xen 3.0 Interface Manual. Available at http://wiki.xensource.com/xenwiki/XenDocs.Google Scholar
- N. B. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Maziàres. Making information flow explicit in HiStar. Symposium on Operating Systems Design and Implementation (OSDI), 2006 Google ScholarDigital Library
Index Terms
- Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Recommendations
CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization
SOSP '11: Proceedings of the Twenty-Third ACM Symposium on Operating Systems PrinciplesMulti-tenant cloud, which usually leases resources in the form of virtual machines, has been commercially available for years. Unfortunately, with the adoption of commodity virtualized infrastructures, software stacks in typical multi-tenant clouds are ...
Cloud in cloud: approaches and implementations
SIGITE '10: Proceedings of the 2010 ACM conference on Information technology educationFacilitated by the development of virtual machine (VM) technology, distributed computing and high-speed internet, cloud computing has been gradually adopted in industry and in education to deliver on-demand services and applications remotely. In this ...
A Framework for Realizing Security on Demand in Cloud Computing
CLOUDCOM '13: Proceedings of the 2013 IEEE International Conference on Cloud Computing Technology and Science - Volume 01In this paper we present our vision for Security on Demand in cloud computing: a system where cloud providers can offer customized security for customers' code and data throughout the term of contract. Security on demand enables security-focussed ...
Comments