Rohit Kugaonkar, CMSC 601, Spring 2011, May 9th 2011



"Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." - The NIST Definition of Cloud Computing

- On-demand service
- Pay only for actual usage
- Shared resources
- Rapid elasticity
- Virtualization
- Advanced security

("Cloud Security and Privacy", O'Reilly)

- Insecure programming interfaces or APIs
- Threat from inside employees
- Data protection
- Identity and access management
- Shared technology issues
- Hypervisor security
- Cross-VM side-channel attacks

- Virtual machines share the physical memory, CPU cycles, network buffers, and DRAM of the physical machine.
- Attack on Amazon EC2 web services: described by researchers from MIT and University of California in their paper "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds".

- The attack takes place in two steps:
  1. Placement of the attacker's virtual machine on the same physical machine.
  2. Exploiting the shared resources.
- CPU cache leakage attack
  - Measure the load of the other virtual web server.
  - Extract AES and RSA keys.
- Keystroke timing analysis
  - Extract user passwords from an SSH terminal.

- D. A. Osvik, A. Shamir, and E. Tromer, "Cache attacks and countermeasures: the case of AES".
- D. Page, "Theoretical use of cache memory as a cryptanalytic side-channel".
- D. Page, "Defending against cache-based side-channel attacks".
- D. Page, "Partitioned cache architecture as a side-channel defense mechanism".
- E. Tromer, D. A. Osvik, and A. Shamir, "Efficient cache attacks on AES, and countermeasures".

- Dawn Xiaodong Song, David Wagner, Xuqing Tian, "Timing Analysis of Keystrokes and Timing Attacks on SSH".
- Cloud service providers:
  - "Securing Microsoft's Cloud Infrastructure", Microsoft Global Foundation Services.
  - "Amazon Web Services: Overview of Security Processes".

- Dividing the security mechanism into 2 components:
  - A customized operating system image.
  - A lightweight process running on each of the virtual machines.
- Collect security logs and any malicious behavior from each of the virtual machines and send them to a dedicated machine for analysis.

- The analysis is performed on one or more dedicated machines.
- Analysis of the security logs in real time.
- Looking for the same cache memory access pattern!
- Routing all the web server traffic through these dedicated machines.
- Real-time fixing of any tampering on VMs.
- Wiping the cache only when an attack pattern is detected by the dedicated machine.
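One way to express the analysis step described above, as an added example that is not part of the original presentation. The report fields, the use of last-level-cache miss ratios as the "access pattern", the thresholds and the host and VM names are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample reports, as the per-VM lightweight process might send them:
# (host, vm, interval, LLC references, LLC misses). All values are made up.
SAMPLE_REPORTS = [
    ("host-a", "vm-web", 0, 10000, 400),  ("host-a", "vm-x", 0, 9000, 8100),
    ("host-a", "vm-web", 1, 10000, 500),  ("host-a", "vm-x", 1, 9000, 8000),
    ("host-a", "vm-web", 2, 10000, 8600), ("host-a", "vm-x", 2, 9000, 7900),
    ("host-a", "vm-web", 3, 10000, 450),  ("host-a", "vm-x", 3, 9000, 300),
]

WINDOW = 4        # intervals remembered per VM (assumed)
MISS_RATIO = 0.8  # per-interval miss ratio treated as suspicious (assumed)
MIN_HITS = 3      # suspicious intervals within WINDOW needed to act (assumed)


class Analyzer:
    """Runs on the dedicated analysis machine and sees reports from every VM."""

    def __init__(self):
        self.history = defaultdict(lambda: deque(maxlen=WINDOW))
        self.flush_log = []  # (host, vm, interval) for each cache wipe ordered

    def ingest(self, host, vm, interval, refs, misses):
        ratio = misses / refs if refs else 0.0
        window = self.history[(host, vm)]
        window.append(ratio >= MISS_RATIO)
        # A single noisy interval is ignored; only a repeated pattern
        # triggers the cache wipe, so normal workloads keep a warm cache.
        if sum(window) >= MIN_HITS:
            self.flush_log.append((host, vm, interval))
            window.clear()  # start a fresh window after the wipe
            return "flush_cache"
        return "ok"


def run(reports):
    analyzer = Analyzer()
    for record in reports:
        analyzer.ingest(*record)
    return analyzer.flush_log
```

On the constructed data only `vm-x` triggers a wipe; the one-off spike on `vm-web` does not. Real thresholds would have to be baselined per workload.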

- Hypervisor security.
- Security mechanism to protect against keystroke-based timing attacks.

- Thomas Ristenpart, Eran Tromer, Hovav Shacham and Stefan Savage, "Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds".
- Tim Mather, Subra Kumaraswamy, Shahed Latif, "Cloud Security and Privacy", O'Reilly publication.
- D. A. Osvik, A. Shamir, and E. Tromer, "Cache attacks and countermeasures: the case of AES".
- D. Page, "Theoretical use of cache memory as a cryptanalytic side-channel".
- D. Page, "Defending against cache-based side-channel attacks".
- D. Page, "Partitioned cache architecture as a side-channel defense mechanism".
- E. Tromer, D. A. Osvik, and A. Shamir, "Efficient cache attacks on AES, and countermeasures".
- Dawn Xiaodong Song, David Wagner, Xuqing Tian, "Timing Analysis of Keystrokes and Timing Attacks on SSH".