Cloudoscopy: Services discovery and topology mapping

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2013, Pages 113-122

  Herzberg, Amir ^a   Shulman, Haya ^b   Ullrich, Johanna ^c   Weippl, Edgar ^c  

^a BAR ILAN UNIVERSITY   (Israel)

^b DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^c SBA Research GGmbH   (Austria)

Author keywords

cloud mapping; cloud security; cloud tomography; low rate attacks; socket overloading

Indexed keywords

CLOUD SECURITIES; DENIAL OF SERVICE; EXPERIMENTAL VALIDATIONS; LOW RATES; SENSITIVE INFORMATIONS; SERVICES DISCOVERY; SOCKET OVERLOADING; TOPOLOGY MAPPING;

SECURITY OF DATA;

CLOUD COMPUTING;

EID: 84889069721     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2517488.2517491     Document Type: Conference Paper

References (50)

1. O. Aciiçmez, B. B. Brumley, and P. Grabher. New results on instruction cache attacks. In Cryptographic Hardware and Embedded Systems, CHES 2010, pages 110-124. Springer, 2010.
2. H. Ballani, K. Jang, T. Karagiannis, C. Kim, D. Gunawardena, and G. O'Shea. Chatty tenants and the cloud network sharing problem. In Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation, pages 171-184. USENIX Association, 2013.
3. A. Bates, B. Mood, J. Pletcher, H. Pruse, M. Valafar, and K. Butler. Detecting co-residency with active traffic analysis techniques. In Proceedings of the 2012 ACM Workshop on Cloud computing security workshop, pages 1-12. ACM, 2012.
4. M. Ben-Yehuda, M. D. Day, Z. Dubitzky, M. Factor, N. Har'El, A. Gordon, A. Liguori, O. Wasserman, and B.-A. Yassour. The turtles project: Design and implementation of nested virtualization. In OSDI, volume 10, pages 423-436, 2010.
5. K. D. Bowers, M. van Dijk, A. Juels, A. Oprea, and R. L. Rivest. How to tell if your cloud files are vulnerable to drive crashes. In Proceedings of the 18th ACM conference on Computer and communications security, pages 501-514. ACM, 2011.
6. S. Bugiel, S. Nürnberger, A.-R. Sadeghi, and T. Schneider. Twin clouds: An architecture for secure cloud computing. In Workshop on Cryptography and Security in Clouds (WCSC 2011), 2011.
7. P. Chen, D. Xu, and B. Mao. Clouder: a framework for automatic software vulnerability location and patching in the cloud. In Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, pages 50-50. ACM, 2012.
8. R. Chow, P. Golle, M. Jakobsson, E. Shi, J. Staddon, R. Masuoka, and J. Molina. Controlling data in the cloud: outsourcing computation without outsourcing control. In Proceedings of the 2009 ACM workshop on Cloud computing security, pages 85-90. ACM, 2009.
9. A. Coates, A. O. Hero III, R. Nowak, and B. Yu. Internet tomography. Signal Processing Magazine, IEEE, 19(3):47-65, 2002.
10. S. De Capitani di Vimercati, S. Foresti, and P. Samarati. Managing and accessing data in the cloud: Privacy risks and approaches. In Risk and Security of Internet and Systems (CRiSIS), 2012 7th International Conference on, pages 1-9. IEEE, 2012.
11. P. Gasti, G. Ateniese, and M. Blanton. Deniable cloud storage: sharing files via public-key deniability. In Proceedings of the 9th annual ACM workshop on Privacy in the electronic society, pages 31-42. ACM, 2010.
12. D. Gullasch, E. Bangerter, and S. Krenn. Cache games-bringing access-based cache attacks on aes to practice. In Security and Privacy (SP), 2011 IEEE Symposium on, pages 490-505. IEEE, 2011.
13. A. Herzberg and H. Shulman. Stealth DoS attacks on secure channels. In Proc. Symp. on Network and Distributed Systems Security (NDSS '10), San Diego, CA, Feb. 2010. Internet Society.
14. A. Herzberg and H. Shulman. Socket Overloading for Fun and Cache-Poisoning. In Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC). ACM, 2013.
15. A. Juels and A. Oprea. New approaches to security and availability for cloud data. Communications of the ACM, 56(2):64-73, 2013.
16. S. Kamara and K. Lauter. Cryptographic cloud storage. In Financial Cryptography and Data Security, pages 136-149. Springer, 2010.
17. P. A. Karger and D. R. Safford. I/O for Virtual Machine Monitors: Security and Performance Issues. IEEE Security & Privacy, 6(5):16-23, 2008.
18. A. D. Keromytis, R. Geambasu, S. Sethumadhavan, S. J. Stolfo, J. Yang, A. Benameur, M. Dacier, M. Elder, D. Kienzle, and A. Stavrou. The meerkats cloud security architecture. In Distributed Computing Systems Workshops (ICDCSW), 2012 32nd International Conference on, pages 446-450. IEEE, 2012.
19. B. H. Kim, W. Huang, and D. Lie. Unity: secure and durable personal cloud storage. In Proceedings of the 2012 ACM Workshop on Cloud computing security workshop, pages 31-36. ACM, 2012.
20. S. R. Kleiman. Apparatus and method for interrupt handling in a multi-threaded operating system kernel, May 7 1996. US Patent 5,515,538.
21. E. Kohler, R. Morris, B. Chen, J. Jannotti, and M. F. Kaashoek. The click modular router. ACM Transactions on Computer Systems (TOCS), 18(3):263-297, 2000.
22. A. Kuzmanovic and E. W. Knightly. Low-Rate TCP-Targeted Denial of Service Attacks: the Shrew vs. the Mice and Elephants. In SIGCOMM, pages 75-86, New York, NY, USA, 2003. ACM.
23. S. Larsen, P. Sarangam, R. Huggahalli, and S. Kulkarni. Architectural breakdown of end-to-end latency in a tcp/ip network. International Journal of Parallel Programming, 37(6):556-571, 2009.
24. R. B. Lee. Hardware-enhanced access control for cloud computing. In Proceedings of the 17th ACM symposium on Access Control Models and Technologies, pages 1-2. ACM, 2012.
25. J. Liu. Evaluating standard-based self-virtualizing devices: A performance study on 10 gbe nics with sr-iov support. In Parallel & Distributed Processing (IPDPS), 2010 IEEE International Symposium on, pages 1-12. IEEE, 2010.
26. D. A. Osvik, A. Shamir, and E. Tromer. Cache attacks and countermeasures: the case of aes. In Topics in Cryptology-CT-RSA 2006, pages 1-20. Springer, 2006.
27. W. Pan, Y. Zhang, M. Yu, and J. Jing. Improving virtualization security by splitting hypervisor into smaller components. In Data and Applications Security and Privacy XXVI, pages 298-313. Springer, 2012.
28. L. Popa, M. Yu, S. Y. Ko, S. Ratnasamy, and I. Stoica. Cloudpolice: taking access control out of the network. In Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, page 7. ACM, 2010.
29. H. Raj, R. Nathuji, A. Singh, and P. England. Resource management for isolation enhanced cloud services. In Proceedings of the 2009 ACM workshop on Cloud computing security, pages 77-84. ACM, 2009.
30. K. Ramakrishnan. Performance considerations in designing network interfaces. Selected Areas in Communications, IEEE Journal on, 11(2):203-219, 1993.
31. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM conference on Computer and communications security, pages 199-212. ACM, 2009.
32. A.-R. Sadeghi, T. Schneider, and M. Winandy. Token-based cloud computing. In Trust and Trustworthy Computing, pages 417-429. Springer, 2010.
33. K. Salah. To coalesce or not to coalesce. AEU-International Journal of Electronics and Communications, 61(4):215-225, 2007.
34. K. Salah, K. El-Badawi, and F. Haidari. Performance analysis and comparison of interrupt-handling schemes in gigabit networks. Computer Communications, 30(17):3425-3441, 2007.
35. K. Salah and A. Qahtan. Boosting throughput of snort nids under linux. In Innovations in Information Technology, 2008. IIT 2008. International Conference on, pages 643-647. IEEE, 2008.
36. J. H. Salim, R. Olsson, and A. Kuznetsov. Beyond softnet. In Proceedings of the 5th annual Linux Showcase & Conference, volume 5, pages 18-18, 2001.
37. V. Sekar and P. Maniatis. Verifiable resource accounting for cloud computing services. In Proceedings of the 3rd ACM workshop on Cloud computing security workshop, pages 21-26. ACM, 2011.
38. J. Shi, X. Song, H. Chen, and B. Zang. Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring. In Dependable Systems and Networks Workshops (DSN-W), 2011 IEEE/IFIP 41st International Conference on, pages 194-199. IEEE, 2011.
39. N. C. A. System. Vulnerability Summary for CVE-2007-4993. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007- 4993, September 2007.
40. N. C. A. System. Vulnerability Summary for CVE-2007-5497. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007- 5497, December 2007.
41. N. C. A. System. Vulnerability Summary for CVE-2010-2240. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010- 2240, March 2010.
42. J. Szefer, E. Keller, R. B. Lee, and J. Rexford. Eliminating the hypervisor attack surface for a more secure cloud. In Proceedings of the 18th ACM conference on Computer and communications security, pages 401-412. ACM, 2011.
43. E. Tromer, D. A. Osvik, and A. Shamir. Efficient cache attacks on aes, and countermeasures. Journal of Cryptology, 23(1):37-71, 2010.
44. D. Tsafrir, Y. Etsion, D. G. Feitelson, and S. Kirkpatrick. System noise, os clock ticks, and fine-grained parallel applications. In Proceedings of the 19th annual international conference on Supercomputing, pages 303-312. ACM, 2005.
45. P. Willmann, J. Shafer, D. Carr, A. Menon, S. Rixner, A. L. Cox, and W. Zwaenepoel. Concurrent direct network access for virtual machine monitors. In High Performance Computer Architecture, 2007. HPCA 2007. IEEE 13th International Symposium on, pages 306-317. IEEE, 2007.
46. Y. Xu, M. Bailey, F. Jahanian, K. Joshi, M. Hiltunen, and R. Schlichting. An exploration of l2 cache covert channels in virtualized environments. In Proceedings of the 3rd ACM workshop on Cloud computing security workshop, pages 29-40. ACM, 2011.
47. M. Zec, M. Mikuc, and M. Zagar. Estimating the impact of interrupt coalescing delays on steady state tcp throughput. In Proceedings of the 10th SoftCOM, volume 2002. Citeseer, 2002.
48. F. Zhang, J. Chen, H. Chen, and B. Zang. Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, pages 203-216. ACM, 2011.
49. Y. Zhang, A. Juels, A. Oprea, and M. K. Reiter. Homealone: Co-residency detection in the cloud via side-channel analysis. In Security and Privacy (SP), 2011 IEEE Symposium on, pages 313-328. IEEE, 2011.
50. Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-vm side channels and their use to extract private keys. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 305-316. ACM, 2012.