Exploring Information Leakage in Third-Party Compute Clouds



Introduction
Cloud computing:
- Applications delivered as services over the internet
- Hardware and systems software in the data centers

SaaS, PaaS, and IaaS

Infrastructure as a Service
- Infrastructure: server, storage, network, data center…
- User does not manage the underlying cloud infrastructure
- User specifies when to request and release resources
- Example: Amazon EC2

Software as a Service
- Browser-initiated application software
- User: no upfront investment in services or software licensing
- Provider: low costs
- Example: Google Apps

Platform as a Service
- Between IaaS and SaaS
- Enables the user to deploy user-built applications onto a virtualized cloud platform
- Example: Windows Azure

Cloud Computing Infrastructure
(figure: local computing on the left, cloud computing on the right)

Cloud providers (third party cloud computing)
- Microsoft Azure
- Amazon EC2
- Google AppEngine
- Rackspace Mosso
- Baidu Cloud

Benefits and risks: Benefits
- Economies of scale: huge data centers
- Low capital expenditure
- Dynamic provisioning (avoids under-utilization or saturation)

Benefits and risks: Risks
- Inherited risk between client and cloud provider: stable? trustworthy?
- Implicit threat from other clients due to shared physical resources

Virtualized cloud platforms
(figure: hardware, hypervisor, management VM (dom0), and several work VMs)
Examples: Amazon EC2, Microsoft Azure, OpenStack, RackSpace Hosting

Data breaches on the cloud are a common occurrence:
- Microsoft: spying on an employee's Hotmail account
- Google employee: spying on children's data
- NSA: Snowden data leaks
Enterprises like banks and finance companies prefer to use in-house cloud offerings rather than opting for public cloud platforms.

The threat model
On the cloud, we have providers and administrators and other clients.
(figure: provider and administrator alongside the hardware / hypervisor / management VM (dom0) / work VM stack)

Example: Malware detection
(figure: a checking daemon with a security policy in the management VM inspects the client VM's code and data pages over the hypervisor; steps 1, 2 "Process the page", 3 "Alert user" / "Resume guest")
[Example: Gibraltar – Baliga, Ganapathy and Iftode, ACSAC'08]

Problem?
Clients must rely on the provider to deploy customized services.
(figure: the same malware-detection diagram)

Problem: Malicious cloud administrator
Client code & data secrecy and integrity are vulnerable to attack.
(figure: the same malware-detection diagram, now with a malicious cloud administrator)

An interlude Suppose that you are a cloud provider. You claim to provide a certain hardware/VM/OS configuration and charge me accordingly. I am a client and paid you for a certain HW/SW configuration. How do I know that I’m getting what I paid for? How do I know that your software stack isn’t snooping on my activities?

One answer: Trusted hardware
- The Trusted Platform Module (TPM)
- Widely available: currently on most modern motherboards
- About $5 to purchase
- Next lecture: Software Guard Extensions (SGX), an upcoming trusted hardware architecture from Intel

Hey you, get off my cloud
Multiplexing VMs on the same physical hardware (potential threat!)

Motivation & Goal
Motivation
- Authors fear the confidentiality within compute clouds will be compromised
- Medical records, e-commerce (credit cards), etc.
Goal
- Prove the existence of a confidentiality breach within EC2
- Suggest countermeasures

Procedure Overview
Placement
- Placing the adversary's VM on the physical machine which hosts the victim's VM
- Attacker-victim VM co-residence strategy
- Proving co-residence
Extraction
- Extract confidential information via "manipulation of shared physical resource"
- "Information leakage": side channel attacks

Threat Model (for this paper)
- Adversaries are non-provider-affiliated malicious third parties
- Victims are running confidentiality-requiring services in the cloud
- Attackers are either interested in attacking some known hosted services or attacking a particular victim service
- Enabled by cloud computing relying on the same physical computing resources

Probing and Attacking Strategy
The paper studies the risk of attacks along the following questions:
- Can one determine where in the cloud infrastructure an instance is located?
- Can one easily determine if two instances are co-resident on the same physical machine?
- Can an adversary launch instances that will be co-resident with other users' instances?
- Can an adversary exploit cross-VM information leakage once co-resident?

Amazon AWS and EC2
- Best known as Amazon Web Service and Elastic Cloud Computing
- Flexibly rent computing resources (on demand)
- Ability to run VMs with guest OSs such as Linux/Ubuntu/FreeBSD/OpenSolaris/Windows
- Xen hypervisor and Domain0 (privileged VM) to manage guest images, resource provisioning and access control

Amazon EC2
- Register an Amazon AWS account
- Create VM images with your choice of OS
- Bring up one or more instances of the VM images

Amazon EC2
Three degrees of freedom in specifying the physical infrastructure where instances should run:
- Regions (US, Europe, Asia, etc.)
- Availability zones (power/network connectivity)
- Instance type (micro, small, medium, large, xlarge): 32/64-bit with different computing power/memory/storage capacity
VMs are placed on available physical servers shared by multiple instances.

Amazon EC2
- VMs have access to many network probing tools: nmap, hping, wget
- Arbitrary attack code which attacks other guest OSs (VM instances)
- External vs. internal probes

Cloud Cartography
- Map the EC2 service to understand where potential targets are located in the cloud
- Hypothesis: availability zones and instance types correspond to different internal IP addresses
- Methods: surveying public servers on EC2; launching various types of EC2 instances

Fuller map of EC2
- Public EC2 IP addresses: 14054 unique internal IPs responsive on port 80/443
- IPs from the same /16 are in the same zone
- Each /24 contains a Dom0 IP address

Cloud Cartography (figure)

Mapping Significance
- Showed that internal IP assignment correlates with zone and VM type
- An adversary can infer the zone and instance type of the target
- Such patterns can be exploited to ensure maximum likelihood of co-residence
Prevention of mapping
- Remove clustering based on zone & VM type
- Make it harder to map external/internal IPs
- VLANs and bridging
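A provider-side audit of the mapping property described above: it measures how much of a constructed inventory lets an observer read the zone off a /16 prefix or the instance type off a /24 prefix. This is an added example, not code from the paper or the presentation; the addresses, zone names and the `min_samples` threshold are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory in the style of the EC2 survey: internal IP, availability zone,
# instance type. Hypothetical addresses, chosen so that one /16 is single-zone (leaks)
# and one /16 mixes zones (does not).
INVENTORY = [
    {"ip": "10.251.1.10", "zone": "zone1", "type": "m1.small"},
    {"ip": "10.251.1.22", "zone": "zone1", "type": "m1.small"},
    {"ip": "10.251.4.7",  "zone": "zone1", "type": "m1.large"},
    {"ip": "10.252.10.3", "zone": "zone2", "type": "m1.small"},
    {"ip": "10.252.10.9", "zone": "zone3", "type": "m1.small"},
    {"ip": "10.252.11.5", "zone": "zone2", "type": "m1.xlarge"},
    {"ip": "10.253.2.14", "zone": "zone3", "type": "c1.medium"},
    {"ip": "10.253.2.15", "zone": "zone3", "type": "c1.medium"},
]

def prefix(ip, bits):
    """Network containing ip at the given prefix length, e.g. '10.251.0.0/16'."""
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))

def leak_report(records, bits, attr, min_samples=2):
    """Return (fraction of hosts whose `attr` an observer can read off the /bits prefix,
    sorted list of leaking prefixes). A prefix leaks when every sampled host in it shares
    one value of `attr`; prefixes with fewer than min_samples hosts are ignored."""
    values, counts = defaultdict(set), defaultdict(int)
    for rec in records:
        p = prefix(rec["ip"], bits)
        values[p].add(rec[attr])
        counts[p] += 1
    leaking = sorted(p for p in values if len(values[p]) == 1 and counts[p] >= min_samples)
    exposed = sum(1 for rec in records if prefix(rec["ip"], bits) in leaking)
    return exposed / len(records), leaking

if __name__ == "__main__":
    for bits, attr in ((16, "zone"), (24, "type")):
        frac, leaking = leak_report(INVENTORY, bits, attr)
        print(f"{attr} inferable from /{bits} for {frac:.0%} of hosts: {leaking}")
```

A provider applying the "remove clustering" countermeasure can rerun the report after reassigning addresses and expect the leaking-prefix list to shrink.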

Co-residence Proof
- Matching Dom0 IP address
- Small packet round-trip times
- Numerically close internal IP addresses

Co-residence Proof: Matching Dom0 IP
- Dom0 is the specially privileged "first guest OS", which manages routing of traffic to the other guest VMs
- Use two traceroutes to identify it: first hop = attacker instance's Dom0 IP; last hop = victim instance's Dom0 IP
- Done on a different physical machine
- 31 out of 400 instance pairs were found to have the same Dom0 address

Co-residence Proof: Round trip times and numerically close IPs
- Small packet round trip times between instances
- Numerically close internal IPs (within 7)
- Only 8 VM instances on a physical machine

Co-residency Obfuscation
- Dom0 does not respond to traceroute
- Randomly assign internal IP addresses
- Isolate accounts

Exploring Placement in EC2
- No 2 instances from 1 account simultaneously run on the same physical machine: N instances would run on N separate machines
- One physical machine supports a maximum of 8 m1.small instances: no chance to penetrate if the target's instance is on a full machine
- Placement locality: sequential placement vs. parallel placement

Exploiting Placements in EC2
Method 1: Brute-forcing
- Target a victim; infer its likely zone and instance type from the cloud map
- Initiate many instances of the same zone and type as the victim over a long time period
- Check for co-residence
- Of 1686 victims, 141 successful co-residencies using 1785 attacker instances: 8.4% coverage

Exploiting Placements in EC2
Method 2: Abusing placement locality
- Effects of zone/account/time of day
- Effects of increased time lag
- On targeting commercial instances

Exploiting Placements in EC2
The effect of increased time lag (figure)

Exploiting Placements in EC2: Anti-Placement Strategy
- Authors suggest letting users control where their VM instances run
- Users decide who to share hardware with
- Users pay extra for the loss of efficiency
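A toy placement controller that enforces the two placement properties observed in EC2 above (one instance per account per machine, at most 8 m1.small per machine) together with the anti-placement strategy of letting an account choose whom it shares hardware with. This is an added example, not EC2's scheduler or code from the paper; the host names, account names and the `trusted` policy format are hypothetical.

```python
MAX_SMALL_PER_HOST = 8   # slide: one physical machine supports at most 8 m1.small instances

class Placer:
    """Toy placement controller (constructed for this example, not EC2's scheduler).
    hosts: iterable of host names. trusted: optional dict mapping an account to the set of
    other accounts it agrees to share hardware with; accounts absent from the dict accept
    any neighbour. Each host records its tenants as (account, instance_type) pairs."""

    def __init__(self, hosts, trusted=None):
        self.hosts = {h: [] for h in hosts}
        self.trusted = trusted or {}

    def reject_reason(self, host, account, itype):
        """Why `account` may not get an `itype` instance on `host`, or None if allowed."""
        tenants = self.hosts[host]
        # Observed EC2 rule: no two instances of one account share a physical machine.
        if any(acct == account for acct, _ in tenants):
            return "same-account instance already on host"
        # Capacity rule: a full machine cannot receive a new co-resident instance.
        if itype == "m1.small" and sum(t == "m1.small" for _, t in tenants) >= MAX_SMALL_PER_HOST:
            return "host full"
        # Anti-placement policy: the newcomer and every current tenant must accept each other.
        for other, _ in tenants:
            if account in self.trusted and other not in self.trusted[account]:
                return f"{account} does not trust {other}"
            if other in self.trusted and account not in self.trusted[other]:
                return f"{other} does not trust {account}"
        return None

    def place(self, account, itype="m1.small"):
        """Place on the first acceptable host; return its name, or None if nothing fits."""
        for host in self.hosts:
            if self.reject_reason(host, account, itype) is None:
                self.hosts[host].append((account, itype))
                return host
        return None

def demo():
    """Constructed scenario: 'victim' shares hardware only with 'partner'; 'probe' launches
    repeatedly trying to land beside it. Returns the host assigned to each launch."""
    p = Placer(["host-a", "host-b"], trusted={"victim": {"partner"}})
    return [p.place("victim"), p.place("probe"), p.place("probe"), p.place("partner")]
```

In the demo the second "probe" launch gets no host at all: host-a is closed by the victim's policy and host-b already holds a probe instance, which is the efficiency loss the slide says users would pay extra for.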

Cross-VM Information Leakage
- Side channels to learn information about co-resident instances
- Other channels: network access, CPU branch predictors and instruction caches, DRAM memory bus, etc.
- Prime + Trigger + Probe measurement technique
  - Prime: read B at s-byte offsets in order to ensure it is cached
  - Trigger: busy-loop until the CPU's cycle counter jumps by a large value
  - Probe: measure the time it takes to again read B at s-byte offsets

Cross-VM Information Leakage
- Load-based co-residence detection

Cross-VM Information Leakage
- Estimating traffic rates
- Keystroke timing attack: a victim inputting an SSH password becomes insecure

Conclusions
Solutions/Suggestion
Contributions
- Identified security risk of EC2
- Tied together exploits using
- Addressed legal, ethical concerns