DOI: 10.1145/3052973.3052978
Research article (Public Access)

DoS Attacks on Your Memory in Cloud

Published: 02 April 2017

Abstract

In cloud computing, network Denial of Service (DoS) attacks are well studied and defenses have been implemented, but severe DoS attacks on a victim's working memory by a single hostile VM are not well understood. Memory DoS attacks are Denial of Service (or Degradation of Service) attacks caused by contention for hardware memory resources on a cloud server. Despite the strong memory isolation techniques for virtual machines (VMs) enforced by the software virtualization layer in cloud servers, the underlying hardware memory layers are still shared by the VMs and can be exploited by a clever attacker in a hostile VM co-located on the same server as the victim VM, denying the victim the working memory he needs. We first show quantitatively the severity of contention on different memory resources. We then show that a malicious cloud customer can mount low-cost attacks to cause severe performance degradation for a Hadoop distributed application, and 38X delay in response time for an E-commerce website in the Amazon EC2 cloud. Then, we design an effective, new defense against these memory DoS attacks, using a statistical metric to detect their existence and execution throttling to mitigate the attack damage. We achieve this by a novel re-purposing of existing hardware performance counters and duty cycle modulation for security, rather than for improving performance or power consumption. We implement a full prototype on the OpenStack cloud system. Our evaluations show that this defense system can effectively defeat memory DoS attacks with negligible performance overhead.
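The detect-then-throttle loop the abstract describes, as an added illustration that is not the paper's code or its OpenStack prototype. The abstract does not name the statistical metric, the counter, or the throttling mechanism, so this simulation assumes all three: the hypervisor samples a performance-counter metric per VM (here last-level-cache misses per thousand instructions, MPKI); the metric is a two-sample Kolmogorov-Smirnov test of the protected VM's recent MPKI window against a baseline recorded while it ran without noisy neighbours; and mitigation lowers the suspected VM's clock duty cycle one step at a time, modelled on the eight 12.5% steps of Intel clock modulation. No MSR is written, and every sample below is constructed.

```python
# Memory-contention detector and execution-throttling policy (simulation).
# Assumed, not from the paper: MPKI as the counter metric, a two-sample KS
# test as the statistic, and 8-level duty-cycle modulation as the throttle.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Sequence, Tuple

# Large-sample KS critical value is c(alpha) * sqrt((n + m) / (n * m)); c(0.01) = 1.63.
KS_C_ALPHA_001 = 1.63

# Duty-cycle levels the throttler may assign (index 0 = unthrottled).
DUTY_LEVELS = (1.0, 0.875, 0.75, 0.625, 0.5, 0.375, 0.25, 0.125)


def ks_statistic(a: Sequence[float], b: Sequence[float]) -> float:
    """Two-sample KS statistic D = max_x |F_a(x) - F_b(x)| over the pooled samples."""
    a, b = sorted(a), sorted(b)
    n, m = len(a), len(b)
    i = j = 0
    d = 0.0
    while i < n and j < m:
        x = min(a[i], b[j])
        while i < n and a[i] <= x:
            i += 1
        while j < m and b[j] <= x:
            j += 1
        d = max(d, abs(i / n - j / m))
    return d


def ks_reject(a: Sequence[float], b: Sequence[float],
              c_alpha: float = KS_C_ALPHA_001) -> Tuple[bool, float, float]:
    """Return (distributions differ?, D, critical value) at the chosen alpha."""
    n, m = len(a), len(b)
    crit = c_alpha * ((n + m) / (n * m)) ** 0.5
    d = ks_statistic(a, b)
    return d > crit, d, crit


@dataclass
class Decision:
    contended: bool
    ks_stat: float
    critical: float
    throttled_vm: Optional[str]
    duty_cycles: Dict[str, float] = field(default_factory=dict)


class MemoryDoSGuard:
    """Per-host controller: detect contention on the protected VM, throttle the loudest neighbour."""

    def __init__(self, baseline: Sequence[float], c_alpha: float = KS_C_ALPHA_001):
        self.baseline = list(baseline)
        self.c_alpha = c_alpha
        self.level: Dict[str, int] = {}  # neighbour VM -> index into DUTY_LEVELS

    def step(self, window: Sequence[float],
             neighbor_traffic: Dict[str, Sequence[float]]) -> Decision:
        """One control interval. `window` holds the protected VM's recent MPKI samples;
        `neighbor_traffic` maps each co-located VM to its memory-traffic samples
        (e.g. LLC misses per interval) from the same period."""
        contended, d, crit = ks_reject(self.baseline, window, self.c_alpha)
        throttled = None
        if contended:
            # Attribute the contention to the neighbour generating the most memory traffic.
            throttled = max(neighbor_traffic,
                            key=lambda vm: sum(neighbor_traffic[vm]) / len(neighbor_traffic[vm]))
            self.level[throttled] = min(self.level.get(throttled, 0) + 1, len(DUTY_LEVELS) - 1)
        else:
            # Contention gone: relax every throttled VM by one step; drop it once at full speed.
            for vm in list(self.level):
                self.level[vm] -= 1
                if self.level[vm] == 0:
                    del self.level[vm]
        return Decision(contended, d, crit, throttled,
                        {vm: DUTY_LEVELS[idx] for vm, idx in self.level.items()})


# Constructed samples, 200 MPKI readings each. The quiet window is the baseline
# shifted by 0.05 MPKI (ordinary run-to-run drift); the contended window sits far
# above it, as it would when a neighbour thrashes the shared cache and DRAM.
BASELINE_MPKI = [4.0 + (k + 0.5) / 100 for k in range(200)]
QUIET_WINDOW = [4.05 + (k + 0.5) / 100 for k in range(200)]
CONTENDED_WINDOW = [20.0 + (k + 0.5) / 100 for k in range(200)]
NEIGHBORS_QUIET = {"vm_a": [50 + k % 7 for k in range(20)], "vm_b": [48 + k % 5 for k in range(20)]}
NEIGHBORS_LOUD = {"vm_a": [50 + k % 7 for k in range(20)], "vm_b": [400 + k % 11 for k in range(20)]}


def simulate() -> List[Decision]:
    """Four control intervals: quiet, contended, contended, quiet."""
    guard = MemoryDoSGuard(BASELINE_MPKI)
    return [guard.step(QUIET_WINDOW, NEIGHBORS_QUIET),
            guard.step(CONTENDED_WINDOW, NEIGHBORS_LOUD),
            guard.step(CONTENDED_WINDOW, NEIGHBORS_LOUD),
            guard.step(QUIET_WINDOW, NEIGHBORS_QUIET)]


if __name__ == "__main__":
    for t, dec in enumerate(simulate()):
        print(f"interval {t}: D={dec.ks_stat:.3f} crit={dec.critical:.3f} "
              f"contended={dec.contended} throttled={dec.throttled_vm} duty={dec.duty_cycles}")
```

Two caveats a deployment would have to address that the simulation glosses over: the baseline must be captured per application phase (or refreshed when the protected VM legitimately changes behaviour), otherwise the victim's own phase change looks like contention; and attributing the contention to the neighbour with the highest traffic is a heuristic, so the throttle is applied in small steps and relaxed as soon as the KS test stops rejecting, which bounds the cost of a wrong attribution.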

Published In

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security
April 2017
952 pages
ISBN:9781450349444
DOI:10.1145/3052973
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. DoS attack
  2. cloud computing
  3. memory resource

Acceptance Rates

ASIA CCS '17 Paper Acceptance Rate 67 of 359 submissions, 19%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%

Cited By

  • (2025) A Survey of DDoS Attack and Defense Technologies in Multiaccess Edge Computing. IEEE Internet of Things Journal 12(2):1428-1452, 15 Jan 2025. doi:10.1109/JIOT.2024.3490897
  • (2024) Empirical observation of Execution Throttling as MQTT Broker defense against Memory Denial of Service Attacks. Proceedings of the 13th Latin-American Symposium on Dependable and Secure Computing, pp. 184-187, 26 Nov 2024. doi:10.1145/3697090.3699870
  • (2024) An Empirical Study of Performance Interference: Timing Violation Patterns and Impacts. 2024 IEEE 30th Real-Time and Embedded Technology and Applications Symposium (RTAS), pp. 320-333, 13 May 2024. doi:10.1109/RTAS61025.2024.00033
  • (2024) Evaluation of time-based virtual machine migration as moving target defense against host-based attacks. Journal of Systems and Software, article 112222, Sep 2024. doi:10.1016/j.jss.2024.112222
  • (2024) CarePlus: A general framework for hardware performance counter based malware detection under system resource competition. Computers & Security 143:103884, Aug 2024. doi:10.1016/j.cose.2024.103884
  • (2023) Attacks are forwarded. Proceedings of the 32nd USENIX Conference on Security Symposium, pp. 7517-7534, 9 Aug 2023. doi:10.5555/3620237.3620658
  • (2023) A Security Survey of NFV: From Causes to Practices. 2023 3rd International Conference on Consumer Electronics and Computer Engineering (ICCECE), pp. 624-628, 6 Jan 2023. doi:10.1109/ICCECE58074.2023.10135454
  • (2022) Gringotts. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 2627-2641, 7 Nov 2022. doi:10.1145/3548606.3560629
  • (2022) A Study on the Impact of Memory DoS Attacks on Cloud Applications and Exploring Real-Time Detection Schemes. IEEE/ACM Transactions on Networking 30(4):1644-1658, Aug 2022. doi:10.1109/TNET.2022.3144895
  • (2022) Understanding the Security Implication of Aborting Virtual Machine Live Migration. IEEE Transactions on Cloud Computing 10(2):1275-1286, 1 Apr 2022. doi:10.1109/TCC.2020.2982900