Hey, You, Get Off of My Cloud Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage Presented by Daniel De Graaf.

Presentation transcript:

Hey, You, Get Off of My Cloud Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage Presented by Daniel De Graaf

Cloud Computing
Virtual Machines with Dynamic Allocation
– Amazon EC2
– Microsoft Azure
– Rackspace Mosso
Trusted provider, untrusted clients

Attacks on the Cloud
Targeted attacks
– Hypervisor compromise
– Denial of Service
– Information leakage
Most need attacker’s and victim’s VM to be on the same physical host

Cloud Cartography
Mapping current and future allocations
Dynamic allocation
Current systems have high placement locality
Overall success of 40% for a given target

Attacks on Co-Resident VMs
Information leakage
– Disk I/O (access time)
– CPU usage (cache timings)
– Network traffic rate (latency and/or bandwidth)
Critical information leak
– SSH keystroke timings