A placement vulnerability study in multi-tenant public clouds

Proceedings of the 24th USENIX Security Symposium

Volumn , Issue , 2015, Pages 913-928

  Varadarajan, Venkatanathan ^a   Zhang, Yinqian ^b   Ristenpart, Thomas ^a,c   Swift, Michael ^a  

^a UNIVERSITY OF WISCONSIN MADISON   (United States)

^b OHIO STATE UNIVERSITY   (United States)

^c Cornell Tech ^*  (United States)

Author keywords

Cloud security; Co location detection; Multi tenancy

Indexed keywords

ECONOMICS; INFRASTRUCTURE AS A SERVICE (IAAS); LOCATION; MAPS; VIRTUAL MACHINE; WINDOWS OPERATING SYSTEM;

CLOUD APPLICATIONS; CLOUD SECURITIES; COLOCATIONS; ECONOMIES OF SCALE; ISOLATION TECHNOLOGY; MULTI TENANCIES; PRIVATE CLOUDS; SECRET INFORMATION;

SIDE CHANNEL ATTACK;

EID: 84968932741     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (39)

1. Amazon ec2 instance store. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html.
2. Amazon elastic compute cloud. http://aws.amazon.com/ec2/.
3. Apache libcloud. http://libcloud.apache.org/.
4. Aws elastic beanstalk. http://aws.amazon.com/elasticbeanstalk/.
5. Aws innovation at scale, re:invent 2014, slide 9-10. http://www.slideshare.net/AmazonWebServices/spot301-aws- innovation- at- scale- aws- reinvent- 2014.
6. Google compute engine. https://cloud.google.com/compute/.
7. Google compute engine – disks. https://cloud.google.com/compute/docs/disks/.
8. Google compute enginer autoscaler. http://cloud.google.com/compute/docs/autoscaler/.
9. Haproxy: The reliable, high performance tcp/http load balancer. http://www.haproxy.org/.
10. Heroku PaaS system. https://www.heroku.com/.
11. Intel Ivy Bridge cache replacement policy. http://blog.stuffedcow.net/2013/01/ivb- cache- replacement/.
12. Olio workload. https://cwiki.apache.org/confluence/display/OLIO/The+Workload.
13. Rightscale. http://www.rightscale.com.
14. Virtual machine and cloud service sizes for azure. https://msdn.microsoft.com/en-us/library/azure/dn197896.aspx.
15. Windows azure. http://www.windowsazure.com/.
16. Amazon ec2 pricing, 2015. http://aws.amazon.com/ec2/pricing/.
17. Amazon Web Services. Extend your it infrastructure with amazon virtual private cloud. Technical report, Amazon, 2013.
18. Y. Azar, S. Kamara, I. Menache, M. Raykova, and B. Shepard. Co-location-resistant clouds. In In Proceedings of the ACM Workshop on Cloud Computing Security, pages 9–20, 2014.
19. A. Bates, B. Mood, J. Pletcher, H. Pruse, M. Valafar, and K. Butler. Detecting co-residency with active traffic analysis techniques. In Proceedings of the 2012 ACM Workshop on Cloud Computing Security Workshop, pages 1–12. ACM, 2012.
20. B. Beach. Virtual private cloud. In Pro Powershell for Amazon Web Services, pages 67–88. Springer, 2014.
21. B. Farley, A. Juels, V. Varadarajan, T. Ristenpart, K. D. Bowers, and M. M. Swift. More for your money: Exploiting performance heterogeneity in public clouds. In Proceedings of the Third ACM Symposium on Cloud Computing. ACM, 2012.
22. M. Ferdman, A. Adileh, O. Kocberber, S. Volos, M. Alisafaee, D. Jevdjic, C. Kaynak, A. D. Popescu, A. Ailamaki, and B. Falsafi. Clearing the clouds: a study of emerging scale-out workloads on modern hardware. In Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems. ACM, 2012.
23. Y. Han, T. Alpcan, J. Chan, and C. Leckie. Security games for virtual machine allocation in cloud computing. In Decision and Game Theory for Security. Springer International Publishing, 2013.
24. Y. Han, J. Chan, T. Alpcan, and C. Leckie. Virtual machine allocation policies against co-resident attacks in cloud computing. In IEEE International Conference on Communications,, 2014.
25. A. Herzberg, H. Shulman, J. Ullrich, and E. Weippl. Cloudoscopy: Services discovery and topology mapping. In 2013 ACM Workshop on Cloud Computing Security Workshop, pages 113–122, 2013.
26. D. Kanter. L3 cache and ring interconnect. http://www.realworldtech.com/sandy-bridge/8/.
27. T. Kohno, A. Broido, and K. Claffy. Remote physical device fingerprinting. In Security and Privacy, 2005 IEEE Symposium on, pages 211–225. IEEE, 2005.
28. D. Mosberger and T. Jin. httperfa tool for measuring web server performance. ACM SIGMETRICS Performance Evaluation Review, 26(3):31–37, 1998.
29. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM conference on Computer and communications security, pages 199–212. ACM, 2009.
30. V. Varadarajan, T. Kooburat, B. Farley, T. Ristenpart, and M. M. Swift. Resource-freeing attacks: Improve your cloud performance (at your neighbor’s expense). In Proceedings of the 2012 ACM conference on Computer and communications security, pages 281–292. ACM, 2012.
31. L. Wang, A. Nappa, J. Caballero, T. Ristenpart, and A. Akella. Whowas: A platform for measuring web deployments on IaaS clouds. In Proceedings of the 2014 Conference on Internet Measurement Conference, pages 101–114. ACM, 2014.
32. Z. Wu, Z. Xu, and H. Wang. Whispers in the hyper-space: High-speed covert channel attacks in the cloud. In USENIX Security symposium, pages 159–173, 2012.
33. Y. Xu, M. Bailey, F. Jahanian, K. Joshi, M. Hiltunen, and R. Schlichting. An exploration of L2 cache covert channels in virtualized environments. In Proceedings of the 3rd ACM workshop on Cloud computing security workshop, pages 29–40. ACM, 2011.
34. Z. Xu, H. Wang, and Z. Wu. A measurement study on co-residence threat inside the cloud. In USENIX Security Symposium, 2015.
35. Y. Yarom and K. Falkner. Flush+reload: A high resolution, low noise, L3 cache side-channel attack. In 23rd USENIX Security Symposium, pages 719–732. USENIX Association, 2014.
36. Y. Zhang, A. Juels, A. Oprea, and M. K. Reiter. Homealone: Co-residency detection in the cloud via side-channel analysis. In Proceedings of the 2011 IEEE Symposium on Security and Privacy, pages 313–328. IEEE Computer Society, 2011.
37. Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-VM side channels and their use to extract private keys. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 305–316. ACM, 2012.
38. Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-tenant side-channel attacks in PaaS clouds. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 990–1003. ACM, 2014.
39. F. Zhou, M. Goel, P. Desnoyers, and R. Sundaram. Scheduler vulnerabilities and attacks in cloud computing. CoRR, abs/1103.0759, 2011.