Detecting co-residency with active traffic analysis techniques

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2012, Pages 1-12

  Bates, Adam ^a   Mood, Benjamin ^a   Pletcher, Joe ^a   Pruse, Hannah ^a   Valafar, Masoud ^a   Butler, Kevin ^a  

^a UNIVERSITY OF OREGON   (United States)

Author keywords

Cloud Security; Covert Channel; Traffic Analysis

Indexed keywords

CLOUD PROVIDERS; COVERT CHANNELS; CUSTOMER INFORMATION; DESIGN OF HARDWARES; HARDWARE CONFIGURATIONS; HYPERVISOR; LOAD MEASUREMENTS; NETWORK FLOWS; PHYSICAL RESOURCES; SIDE-CHANNEL; SYSTEM LOADS; THIRD PARTIES; TRAFFIC ANALYSIS; TRAFFIC-ANALYSIS TECHNIQUES; UNIVERSITY OF OREGON; VIRTUAL MACHINES; VIRTUALIZATIONS;

CLOUD COMPUTING; HARDWARE;

WATERMARKING;

EID: 84869782980     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2381913.2381915     Document Type: Conference Paper

References (47)

1. Amazon EC2 Service Level Agreement. http://aws.amazon.com/ec2-sla/.
2. Amazon. Amazon Elastic Compute Cloud (EC2). http://aws.amazon.com/ec2/.
3. M. Armbrust, A. Fox, R. Griffith, A. Joseph, R. Katz, et al. Above the Clouds: A Berkeley View of Cloud Computing. Technical Report UCB/EECS-2009-28, University of California, Berkeley, 2009.
4. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the Art of Virtualization. In Proc. 19th ACM Symp. on Operating Systems Principles, SOSP '03, pages 164-177, New York, NY, USA, 2003. ACM.
5. A. Blum, D. Song, and S. Venkataraman. Detection of interactive stepping stones: Algorithms and confidence bounds. Proc. Recent Advances in Intrusion Detection (RAID), 2004.
6. K. D. Bowers, M. van Dijk, A. Juels, A. Oprea, and R. L. Rivest. How to Tell if Your Cloud Files Are Vulnerable to Drive Crashes. In CCS '11: Proc. 18th ACM Conf. on Computer and Communications Security, pages 501-514, Chicago, IL, USA, 2011.
7. J. Brodkin. VMware confirms source code leak, LulzSec-affiliated hacker claims credit. http://arstechnica.com/business/news/2012/04/vmware-confirms- sourcecode-leak-lulzsec-affiliated-hackerclaims-credit.ars.
8. S. Cabuk, C. E. Brodley, and C. Shields. Ip covert timing channels: design and detection. In Proc. 11th ACM conference on Computer and communications security, CCS '04, pages 178-187, New York, NY, USA, 2004. ACM.
9. S. Cabuk, C. E. Brodley, and C. Shields. IP Covert Channel Detection. ACM Transactions on Information and System Security (TISSEC), 12(4), Apr. 2009.
10. S. Chinni and R. Hiremane. Virtual Machine Device Queues. White paper, Intel Corporation, 2007.
11. B. Coskun and N. Memon. Online sketching of network flows for real-time stepping-stone detection. In Proc. 2009 Annual Computer Security Applications Conf., ACSAC '09, pages 473-483, Washington, DC, USA, 2009. IEEE Computer Society.
12. CVE-2007-4993. pygrub (tools/pygrub/src/grubconf.py) in xen 3.0.3. http://cve.mitre.org/cgibin/cvename.cgi?name=CVE-2007-4993.
13. CVE-2007-5497. Multiple integer overflows in libext2fs. http://cve.mitre.org/cgibin/cvename.cgi?name=CVE-2007-5497.
14. CVE-2010-2240. The doanonymouspage function in mm/memory.c. http://cve.mitre.org/cgibin/cvename.cgi?name=CVE-2010-2240.
15. Y. Dong, Z. Yu, and G. Rose. SR-IOV Networking in Xen: Architecture, Design and Implementation. In Proc. First Conf. on I/O Virtualization, WIOV'08, page 10, Berkeley, CA, USA, 2008. USENIX Association.
16. S. Gamage, A. Kangarlou, R. R. Kompella, and D. Xu. Opportunistic Flooding to Improve TCP Transmit Performance in Virtualized Clouds. In Proc. 2nd ACM Symp. on Cloud Computing, SOCC '11, pages 1-14, New York, NY, USA, 2011. ACM.
17. S. Gianvecchio and H. Wang. Detecting covert timing channels: an entropy-based approach. In Proc. 14th ACM conference on Computer and communications security (CCS'07), Alexandria, VA, USA, 2007.
18. D. Gupta, L. Cherkasova, R. Gardner, and A. Vahdat. Enforcing Performance Isolation Across Virtual Machines in Xen. In In Middleware, 2006.
19. I. Habib. Virtualization with KVM. Linux Journal, Feb. 2008.
20. A. Houmansadr and N. Borisov. SWIRL: A Scalable Watermark to Detect Correlated Network Flows. In Proc. 18th ISOC Symp. on Network and Distributed Systems Security (NDSS '11), San Diego, CA, USA, Feb. 2011.
21. A. Houmansadr, N. Kiyavash, and N. Borisov. RAINBOW: A Robust and Invisible Non-Blind Watermark for Network Flows. In Proc. 16th Network and Distributed System Security Symp. (NDSS'09), February 2009.
22. E. Keller, J. Szefer, J. Rexford, and R. B. Lee. Eliminating the Hypervisor Attack Surface for a More Secure Cloud. In Proc. ACM Conf. on Computer and Communications Security (CCS'11), Oct. 2011.
23. G. Keramidas, A. Antonopoulos, D. Serpanos, and S. Kaxiras. Non Deterministic Caches: A Simple and Effective Defense Against Side Channel Attacks. Design Automation for Embedded Systems, pages 221-230, 2008.
24. N. Kiyavash, A. Houmansadr, and N. Borisov. Multi-flow Attacks Against Network Flow Watermarking Schemes. In Proc. 17th USENIX Security Symp., San Jose, CA, 2008.
25. P. Kutch. PCI-SIG SR-IOV Primer. Technical report, Intel Corporation, 2011.
26. A. M. Law and D. W. Kelton. Simulation Modeling and Analysis. McGraw-Hill Higher Education, 2000.
27. X. Luo, E. Chan, and R. Chang. Cloak: A Ten-Fold Way for Reliable Covert Communications. In Proc. European Symp. on Research in Computer Security ESORICS, 2007.
28. X. Luo, J. Zhang, R. Perdisci, and W. Lee. On the Secrecy of Spread-Spectrum Flow Watermarks. In Proc. European Symp. on Research in Computer Security ESORICS. 2010.
29. X. Luo, P. Zhou, J. Zhang, R. Perdisci, W. Lee, and R. K. C. Chang. Exposing Invisible Timing-based Traffic Watermarks with BACKLIT. In Proc. 27th Ann. Comp. Sec. Applications Conf., ACSAC '11, Orlando, FL, USA, Dec. 2011.
30. J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. TrustVisor: Efficient TCB Reduction and Attestation. In Proc. 2010 IEEE Symp. on Security and Privacy, Oakland, CA, USA, May 2010.
31. S. Murdoch and G. Danezis. Low-Cost Traffic Analysis of Tor. In Proc. 2005 IEEE Symp. on Security and Privacy, Oakland, CA, USA, May 2005.
32. K. Okamura and Y. Oyama. Load-based covert channels between Xen virtual machines. In Proc. 2010 ACM Symp. on Applied Computing, SAC '10, Sierre, Switzerland, 2010.
33. P. Peng, P. Ning, and D. S. Reeves. On the Secrecy of Timing-Based Active Watermarking Trace-Back Techniques. In Proc. 2006 IEEE Symp. on Security and Privacy, Oakland, CA, USA, 2006.
34. A. N. Pettitt and M. A. Stephens. The Kolmogorov-Smirnov Goodness-of-Fit Statistic with Discrete and Grouped Data. Technometrics, 19(2):205-210, 1977.
35. H. Raj, R. Nathuji, A. Singh, and P. England. Resource Management for Isolation Enhanced Cloud Services. In Proc. 2009 ACM Workshop on Cloud Computing Security, CCSW '09, Chicago, IL, USA, 2009.
36. K. K. Ram, J. R. Santos, Y. Turner, A. L. Cox, A. L. Cox, and S. Rixner. Achieving 10 Gb/s using Xen Para-virtualized Network Drivers. Xen Summit, Febuary 2009.
37. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In CCS'09: Proc. 16th ACM Conf. on Computer and Communications Security, Chicago, IL, USA, October 2009.
38. J. Schad, J. Dittrich, and J.-A. Quiané-Ruiz. Runtime Measurements in the Cloud: Observing, Analyzing, and Reducing Variance. Proc. VLDB Endowment, 3(1-2):460-471, Sept. 2010.
39. A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. In SOSP'07: Proc. 21st ACM Symp. on Operating Systems Principles, Stevenson, WA, USA, 2007.
40. W. R. Stevens. TCP/IP illustrated (vol. 1): the protocols. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 1993.
41. VMSA-2008-0008. Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion Resolve Critical Security Issues. http://www.vmware.com/security/ advisories/VMSA-2008-0008.html.
42. X. Wang, S. Chen, and S. Jajodia. Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems. In Proc. 2007 IEEE Symp. on Security and Privacy, Oakland, CA, USA, May 2007.
43. X. Wang and D. S. Reeves. Robust Correlation of Encrypted Attack Traffic Through Stepping Stones by Manipulation of Interpacket Delays. In Proc. 10th ACM conference on Computer and communications security, CCS '03, pages 20-29, New York, NY, USA, 2003. ACM.
44. J. Whiteaker, F. Schneider, and R. Teixeira. Explaining Packet Delays Under Virtualization. SIGCOMM Computer and Communication Review, pages 38-44, 2011.
45. Y. Xu, M. Bailey, F. Jahanian, K. Joshi, M. Hiltunen, and R. Schlichting. An Exploration of L2 Cache Covert Channels in Virtualized Environments. In Proc. 3rd ACM Workshop on Cloud Computing Security (CCSW'11), Nov. 2011.
46. W. Yu, X. Fu, S. Graham, D. Xuan, and W. Zhao. DSSS-Based Flow Marking Technique for Invisible Traceback. In Proc. 2007 IEEE Symp. on Security and Privacy, May 2007.
47. Y. Zhang, A. Juels, A. Oprea, and M. Reiter. HomeAlone: Co-Residency Detection in the Cloud via Side-Channel Analysis. In Proc. 2011 IEEE Symp. on Security and Privacy, Berkeley, CA, USA, May 2011.