Exploring Information Leakage in Third-Party Compute Clouds

Introduction
Cloud computing:
- Applications delivered as services over the internet
- Hardware and systems software in the data centers

SaaS, PaaS, and IaaS

Infrastructure as a Service
- Infrastructure: server, storage, network, data center...
- User does not manage the underlying cloud infrastructure
- User specifies when to request and release resources
- Example: Amazon EC2

Software as a Service
- Browser-initiated application software
- User: no upfront investment in services or software licensing
- Provider: low costs
- Example: Google Apps

Platform as a Service
- Between IaaS and SaaS
- Enables users to deploy user-built applications onto a virtualized cloud platform
- Example: Windows Azure
Cloud Computing Infrastructure
[Figure: local computing (left) vs. cloud computing (right)]

Cloud providers
Third-party cloud computing:
- Microsoft Azure
- Amazon EC2
- Google AppEngine
- Rackspace Mosso
- Baidu Cloud

Benefits and risks: Benefits
- Economies of scale: huge data centers
- Low capital expenditure
- Dynamic provisioning (avoids under-utilization or saturation)

Benefits and risks: Risks
- Inherited risk between client and cloud provider: Stable? Trustworthy?
- Implicit threat from other clients due to shared physical resources

Virtualized cloud platforms
[Figure: software stack - Management VM (dom0) and Work VMs on top of the Hypervisor, on top of the Hardware]
- Examples: Amazon EC2, Microsoft Azure, OpenStack, RackSpace Hosting

Data breaches on the cloud are a common occurrence:
- Microsoft: spying on an employee's Hotmail account
- Google employee: spying on children's data
- NSA: Snowden data leaks
- Enterprises like banks and finance companies prefer in-house cloud offerings over public cloud platforms
The threat model
On the cloud, we have providers, administrators and other clients.
[Figure: Provider and Administrator above the stack - Management VM (dom0) and Work VMs on the Hypervisor, on the Hardware]

Example: Malware detection
[Figure: a checking daemon in the Management VM inspects the client VM's code and data: (1) process the page, (2) check it against the security policy, (3) alert the user or resume the guest]
[Example: Gibraltar - Baliga, Ganapathy and Iftode, ACSAC'08]

Problem
- Clients must rely on the provider to deploy customized services
[Figure: the same malware-detection setup, marked with a question mark at the hypervisor and Management VM]

Problem: Malicious cloud administrator
- Client code & data secrecy and integrity are vulnerable to attack
[Figure: the same malware-detection setup, with a malicious cloud administrator controlling the Management VM]

An interlude
Suppose that you are a cloud provider. You claim to provide a certain hardware/VM/OS configuration and charge me accordingly. I am a client and paid you for a certain HW/SW configuration.
- How do I know that I'm getting what I paid for?
- How do I know that your software stack isn't snooping on my activities?

One answer: Trusted hardware
- The Trusted Platform Module (TPM): widely available, currently on most modern motherboards; about $5 to purchase
- Next lecture: Software Guard Extensions (SGX), an upcoming trusted hardware architecture from Intel
Hey you, get off my cloud
Multiplexing VMs on the same physical hardware (potential threat!)

Motivation & Goal
Motivation
- The authors fear that confidentiality within compute clouds will be compromised
- Medical records, e-commerce (credit cards), etc.
Goal
- Prove the existence of a confidentiality breach within EC2
- Suggest countermeasures

Procedure Overview
Placement
- Placing the adversary's VM on the physical machine which hosts the victim's VM
- Attacker-victim VM co-residence strategy
- Proving co-residence
Extraction
- Extract confidential information via "manipulation of shared physical resources"
- "Information leakage": side-channel attacks

Threat Model (for this paper)
- Adversaries are non-provider-affiliated malicious third parties
- Victims are running confidentiality-requiring services in the cloud
- Attackers are either interested in attacking some known hosted services or in attacking a particular victim service
- Enabled by cloud computing relying on the same physical computing resources

Probing and Attacking Strategy
The paper studies the risk of attacks along the following questions:
- Can one determine where in the cloud infrastructure an instance is located?
- Can one easily determine if two instances are co-resident on the same physical machine?
- Can an adversary launch instances that will be co-resident with other users' instances?
- Can an adversary exploit cross-VM information leakage once co-resident?
Amazon AWS and EC2
- Best known as Amazon Web Services and Elastic Compute Cloud
- Flexibly rent computing resources (on demand)
- Ability to run VMs with guest OSs such as Linux/Ubuntu/FreeBSD/OpenSolaris/Windows
- Xen hypervisor and Domain0 (privileged VM) to manage guest images, resource provisioning and access control

Amazon EC2
- Register an Amazon AWS account
- Create VM images with your choice of OS
- Bring up one or more instances of the VM images

Amazon EC2
Three degrees of freedom in specifying the physical infrastructure where instances should run:
- Regions (US, Europe, Asia, etc.)
- Availability zones (power/network connectivity)
- Instance type (micro, small, medium, large, xlarge): 32/64-bit, with different computing power/memory/storage capacity
VMs are placed on available physical servers shared by multiple instances

Amazon EC2
- VMs have access to many network probing tools: nmap, hping, wget
- Arbitrary attack code which attacks other guest OSs (VM instances)
- External vs. internal probes
Cloud Cartography
Map the EC2 service to understand where potential targets are located in the cloud
- Hypothesis: availability zones and instance types correspond to different internal IP address ranges
- Methods: surveying public servers on EC2; launching various types of EC2 instances

Fuller map of EC2
- Public EC2 IP addresses: 14054 unique internal IPs responsive to port 80/443
- IPs from the same /16 are in the same zone
- /24 containing a Dom0 IP address

Cloud Cartography
[Figure: cloud cartography map]

Mapping Significance
- Showed that internal IP assignment correlates with zone and VM type
- An adversary can infer the zone and instance type of the target
- Such patterns can be exploited to maximize the likelihood of co-residence
Prevention of mapping
- Remove clustering based on zone & VM type
- Make it harder to map external/internal IPs: VLANs and bridging
Co-residence Proof
- Matching Dom0 IP address
- Small packet round-trip times
- Numerically close internal IP addresses

Co-residence Proof: Matching Dom0 IP
- Dom0 is the special-privileged "first guest OS", which manages routing of traffic to the other guest VMs
- Using two traceroutes to identify: first hop = attacker instance's Dom0 IP; last hop = victim instance's Dom0 IP
- Done on a different physical machine
- 31 out of 400 pairs of instances were found to have an equal Dom0 address

Co-residence Proof: Round-trip times and numerically close IPs
- Small packet round-trip times between instances
- Numerically close internal IPs (within 7)
- Only 8 VM instances on a physical machine

Co-residency Obfuscation
- Dom0 does not respond to traceroute
- Randomly assign internal IP addresses
- Isolate accounts
Exploring Placement in EC2
- No 2 instances from 1 account simultaneously run on the same physical machine: N instances would run on N separate machines
- One physical machine supports a maximum of 8 m1.small instances: no chance to penetrate if the target's instance is on a full machine
- Placement locality: sequential placement vs. parallel placement

Exploiting Placements in EC2
Method 1: Brute-forcing
- Target a victim; infer the likely zone and instance type from the cloud map
- Initiate many instances of the same zone and type as the victim over a long time period
- Check for co-residence
- Of 1686 victims, 141 successful co-residencies using 1785 attacker instances: 8.4% coverage

Exploiting Placements in EC2
Method 2: Abusing placement locality
- Effects of zone/account/time of day
- Effects of increased time lag
- On targeting commercial instances

Exploiting Placements in EC2
[Figure: the effect of increased time lag]

Exploiting Placements in EC2: Anti-Placement Strategy
- The authors suggest letting users control where their VM instances run
- Users decide whom to share hardware with
- Users pay extra for the loss of efficiency
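An added example, not from the paper or these slides: a toy placement simulator in Python that models the placement rules stated above (at most 8 m1.small instances per machine, no two instances of one account on the same machine) together with the suggested anti-placement option, where a tenant declines to share hardware. First-fit placement, the account names and the `dedicated` flag are assumptions made for the illustration; the point is to see both the exposure of a shared host and the efficiency cost of the isolation.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_PER_MACHINE = 8  # m1.small limit stated on the slides


@dataclass
class Machine:
    mid: int
    tenants: list = field(default_factory=list)  # account ids hosted on this machine
    dedicated_to: Optional[str] = None           # set once a tenant opts out of sharing

    def can_host(self, account, dedicated):
        return (account not in self.tenants                 # one instance per account per host
                and len(self.tenants) < MAX_PER_MACHINE     # a full host admits nobody new
                and self.dedicated_to in (None, account)    # not reserved by another tenant
                and not (dedicated and self.tenants))       # a refuser needs an empty host


class Cloud:
    def __init__(self):
        self.machines = []

    def launch(self, account, dedicated=False):
        """First-fit placement (an assumed policy); returns the machine id used."""
        for m in self.machines:
            if m.can_host(account, dedicated):
                break
        else:
            m = Machine(mid=len(self.machines))
            self.machines.append(m)
        m.tenants.append(account)
        if dedicated:
            m.dedicated_to = account
        return m.mid

    def co_residents(self, account):
        """Other accounts sharing any physical machine with `account`."""
        others = set()
        for m in self.machines:
            if account in m.tenants:
                others.update(t for t in m.tenants if t != account)
        return others


def victim_exposure(victim_dedicated, other_instances=8):
    """Victim launches once, then another account launches many instances (constructed scenario).
    Returns the accounts co-resident with the victim and the machines consumed."""
    cloud = Cloud()
    cloud.launch("victim", dedicated=victim_dedicated)
    for _ in range(other_instances):
        cloud.launch("other")
    return cloud.co_residents("victim"), len(cloud.machines)
```

Without the dedicated option the victim shares a host with the other account while 8 machines are consumed; with it the victim stays alone and the same workload needs 9 machines, which is the extra cost the slide refers to.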
Cross-VM Information Leakage
- Side channels to learn information about co-resident instances
- Other channels: network access, CPU branch predictors and instruction caches, DRAM memory bus, etc.
Prime + Trigger + Probe measurement technique
- Prime: read B at s-byte offsets in order to ensure it is cached
- Trigger: busy-loop until the CPU's cycle counter jumps by a large value
- Probe: measure the time it takes to again read B at s-byte offsets
Cross-VM Information Leakage
- Load-based co-residence detection

Cross-VM Information Leakage
- Estimating traffic rates
- Keystroke timing attack: a victim inputting an SSH password becomes insecure

Conclusions
Solutions/Suggestion
Contributions
- Identified the security risk of EC2
- Tied together exploits using
- Addressed legal and ethical concerns