Lecture 5: Cloud Security: what’s new? Xiaowei Yang (Duke University)

Recap
Exploring information leakage in third-party compute clouds
– Placement
– Determining co-residence
– Inference

Placement
Launching test instances
Determining the correlation between instance placement and IP addresses
Launching many probe instances in the same availability zone

Determining co-residence
Traceroute

Cross-VM information leakage
Load measurement: Prime-Trigger-Probe
– B: buffer of size b; s: cache line size
1. Prime: Read B at s-offset
2. Trigger: busy-loop until swapped out
3. Probe: measure the time it takes to read B again at s-offset
– If it takes long →
– If it does not take long →

Load-based co-residence detection
Send HTTP requests to a target VM
Do load measurement
– High →
– Low →

Which one(s) show co-residence?

Estimating traffic rates
High traffic rates → high load

Keystroke timing attack
Hypothesis
– On an idle machine,
High load spike → keystroke input
Timing between high load spikes → timing between keystrokes
Timing between keystrokes → infers password

Summary
Co-residence → information leak
Defending against it is hard

WHAT’S NEW ABOUT CLOUD COMPUTING SECURITY?

Overview
New threats
New research opportunities

New threats
A more reliable alternative to botnets
– If cloud computing is cheaper and more reliable than botnets, use cloud
Brute-forcer
Resource sharing and interference
– Placement, inference
Reputation fate sharing
– Spammers block other legitimate services
– An FBI raid

Novel elements
Protecting data and software is not enough
→ Activity patterns need protection as well
Reputation attribution
A longer trust chain
Competing businesses may co-locate

Is mutual auditability a solution?
Provider audits customer’s activities
Customer audits what a provider provides
→ enables attribution of blame

New opportunities
Cloud providers should offer a choice of security primitives
– Granularity of virtualization: physical machines, LANs, clouds, or datacenters
Mutual auditability
– Provider audits customer’s activities
– Customer audits what a provider provides
– → enables attribution of blame
Studying cloud security vulnerabilities

Next
Discovering VM dependencies using CPU utilization
– Question to ponder: can this technique be used as a security attack?

Interesting techniques
Inference technique
– Auto-regressive modeling: use past samples to predict future values
– Compute distances of AR models
Models with similar coefficients are closer
– K-means clustering
Perturbation to improve inference accuracy
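
The inference pipeline on this slide (fit an AR model per VM, compare coefficient vectors, cluster with K-means), as an added Python example; it is not code from the lecture or from the paper it summarizes. The traces, VM names, AR order 2, Euclidean distance on coefficients and k = 2 are assumptions, and the perturbation step is left out.

```python
import math
import random

def synth_trace(coeffs, n, seed):
    """Constructed CPU-utilisation trace: an AR process around a 50% baseline."""
    rng = random.Random(seed)
    x = [0.0] * len(coeffs)
    for _ in range(n):
        x.append(sum(c * x[-1 - i] for i, c in enumerate(coeffs)) + rng.gauss(0, 1))
    return [50.0 + 5.0 * v for v in x[len(coeffs):]]

def fit_ar(series, order):
    """Estimate AR coefficients from autocovariances (Levinson-Durbin recursion)."""
    n = len(series)
    mean = sum(series) / n
    d = [v - mean for v in series]
    r = [sum(d[i] * d[i + k] for i in range(n - k)) / n for k in range(order + 1)]
    coeffs, err = [], r[0]
    for k in range(1, order + 1):
        refl = (r[k] - sum(coeffs[j] * r[k - 1 - j] for j in range(k - 1))) / err
        coeffs = [coeffs[j] - refl * coeffs[k - 2 - j] for j in range(k - 1)] + [refl]
        err *= 1.0 - refl * refl
    return coeffs

def kmeans(points, k, iters=20):
    """K-means on coefficient vectors with deterministic farthest-first seeding."""
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(math.dist(p, c) for c in cents)))
    labels = []
    for _ in range(iters):
        labels = [min(range(k), key=lambda c: math.dist(p, cents[c])) for p in points]
        for c in range(k):
            members = [p for p, lab in zip(points, labels) if lab == c]
            if members:
                cents[c] = [sum(col) / len(members) for col in zip(*members)]
    return labels

def cluster_vms(traces, order=2, k=2):
    """Map VM name -> cluster id from the AR model of each VM's CPU trace."""
    names = sorted(traces)
    models = [fit_ar(traces[name], order) for name in names]
    return dict(zip(names, kmeans(models, k)))

# Constructed sample: three VMs driven by one service, three by another.
TRACES = {f"web-{i}": synth_trace([0.7, -0.2], 2000, seed=i) for i in range(3)}
TRACES.update({f"batch-{i}": synth_trace([-0.4, 0.3], 2000, seed=10 + i) for i in range(3)})

if __name__ == "__main__":
    for vm, cluster in cluster_vms(TRACES).items():
        print(vm, "-> cluster", cluster)
```

An operator can run the same fit over per-VM CPU samples from the hypervisor to see how much service structure utilization data alone exposes.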

Security attacks
Achieving co-residence
Do load measurements
Figure out service correlations
DoS all related services