1
“Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds” (ACM CCS 2009)
Written by: Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage. Presented by: Ibrahim Elsayed
2
Overview: What is the cloud? New threats in cloud computing.
Research questions. Experiment: explore the cloud infrastructure; determine co-residency; achieve co-residency; exploit information. What can we do? Conclusion.
3
Cloud Computing: What is the cloud?
The new infrastructure for hosting data and deploying software and services. Benefits: cost savings, scalability, flexibility.
4
Cloud Computing: on-demand outsourcing of computing. Examples:
Amazon’s EC2 (Elastic Compute Cloud), Microsoft’s Azure Services Platform, Rackspace’s Mosso. New threats: the trust relationship between customer and cloud provider, and multi-tenancy (the security threat studied here).
5
Multi-tenancy: your instance may be placed on the same physical server as other customers’ instances.
6
Research Motivation: explore the threats of multi-tenancy in cloud computing, and provide experimental results on the impact of these threats using a real cloud service provider (Amazon EC2) as a case study.
7
Research Questions: Can one determine where in the cloud infrastructure an instance is located? Can one easily determine whether two instances are co-resident on the same physical machine? Can an adversary launch instances that will be co-resident with other users’ instances? Can an adversary exploit cross-VM information leakage once co-resident?
8
AMAZON ELASTIC COMPUTE CLOUD - EC2
Scalable, pay-as-you-go compute capacity in the cloud. Customers can run different operating systems inside virtual machines (Xen guests). Instances are launched in one of several regions and availability zones, and as one of several instance types.
9
Attack: the attack considered requires two main steps. 1. Placement:
place a malicious VM on the same physical machine as the victim’s. 2. Extraction: extract confidential information from the victim via a side-channel attack.
10
Attacker: not affiliated with the provider (an ordinary third-party user).
Can run many instances at the same time; can create multiple accounts; limited to 20 instances per account.
11
Cloud Cartography: learn how Amazon places instances, in order to carry out the attack. Each instance is assigned an internal and an external IP address. Review the addresses assigned to a large number of launched instances; the paper found that internal IP ranges are partitioned by availability zone and instance type, so an instance’s internal address reveals where in the infrastructure it runs.
12
Determining Co-Residence
Co-resident: instances running on the same physical machine. Network-based co-residence checks: (1) matching Dom0 IP address (the Xen management domain of the host, seen as the first hop of a traceroute from the instance); (2) small packet round-trip times: send 10 probes, discard the first (it was always slow) and use the last 9; (3) numerically close internal IP addresses (within 7).
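The three checks above, written out in C as an added illustration (this is not code from the paper or the presentation). The Dom0 addresses, internal IPs and RTT samples are constructed, the RTT threshold is an assumed value to be calibrated against known pairs, and the combined verdict (requiring the Dom0 match and using the other two checks as corroboration) is this example’s weighting; the paper lists the three as alternative signals.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Dotted-quad IPv4 -> host-order integer; 0 on parse failure. */
static uint32_t ipv4_to_u32(const char *dotted) {
    struct in_addr a;
    if (inet_pton(AF_INET, dotted, &a) != 1) return 0;
    return ntohl(a.s_addr);
}

/* Check 1: Dom0 address of the host (the paper observed it as the first hop
 * of a traceroute from an instance to a target). */
bool same_dom0(const char *dom0_a, const char *dom0_b) {
    return strcmp(dom0_a, dom0_b) == 0;
}

/* Check 3: internal IPs numerically within `within` of each other (7 in the paper). */
bool internal_ip_close(const char *ip_a, const char *ip_b, uint32_t within) {
    uint32_t a = ipv4_to_u32(ip_a), b = ipv4_to_u32(ip_b);
    if (a == 0 || b == 0) return false;          /* unparsable address: no signal */
    return (a > b ? a - b : b - a) <= within;
}

static int cmp_double(const void *p, const void *q) {
    double a = *(const double *)p, b = *(const double *)q;
    return (a > b) - (a < b);
}

/* Check 2: median of small-packet RTTs with the first probe discarded
 * (it was always slow in the paper's measurements). -1 if < 2 samples. */
double rtt_median_us(const double *rtts_us, size_t n) {
    if (n < 2) return -1.0;
    size_t m = n - 1;
    double *tmp = malloc(m * sizeof *tmp);
    if (!tmp) return -1.0;
    memcpy(tmp, rtts_us + 1, m * sizeof *tmp);  /* drop the first probe */
    qsort(tmp, m, sizeof *tmp, cmp_double);
    double med = tmp[m / 2];
    free(tmp);
    return med;
}

typedef struct { bool dom0; bool rtt; bool ip; bool verdict; } coresidence_t;

/* Combined verdict: Dom0 match required, RTT or IP proximity as corroboration.
 * This weighting is the example's choice, not the paper's. */
coresidence_t check_coresidence(const char *dom0_a, const char *dom0_b,
                                const char *ip_a, const char *ip_b,
                                const double *rtts_us, size_t n,
                                double rtt_threshold_us) {
    coresidence_t r;
    double med = rtt_median_us(rtts_us, n);
    r.dom0 = same_dom0(dom0_a, dom0_b);
    r.rtt = med >= 0 && med <= rtt_threshold_us;
    r.ip = internal_ip_close(ip_a, ip_b, 7);
    r.verdict = r.dom0 && (r.rtt || r.ip);
    return r;
}

/* Constructed sample (not measured): ten RTT probes in microseconds,
 * the first one slow as the paper describes. */
static const double SAMPLE_RTTS_US[10] = {1850, 45, 52, 48, 60, 44, 51, 49, 47, 53};
/* Assumed threshold; calibrate on known co-resident / non-co-resident pairs. */
#define ASSUMED_RTT_THRESHOLD_US 200.0

double demo_rtt_median_us(void) { return rtt_median_us(SAMPLE_RTTS_US, 10); }

bool demo_verdict(void) {
    /* Addresses are constructed for the example. */
    coresidence_t r = check_coresidence("10.252.0.1", "10.252.0.1",
                                        "10.252.1.5", "10.252.1.10",
                                        SAMPLE_RTTS_US, 10, ASSUMED_RTT_THRESHOLD_US);
    return r.verdict;
}

int main(void) { return demo_verdict() ? 0 : 1; }
```

In practice the Dom0 address comes from a traceroute run inside the probe instance and the RTTs from small-packet pings to the target’s internal address; both are cheap enough to run against every probe instance before deciding whether to keep it or terminate it.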
13
Achieving co-residency
Two main techniques are presented for becoming co-resident with another user: Brute force: launch many instances over a relatively long period of time. Abusing placement locality: target recently launched instances.
14
Brute-Force Placement
Launch many instances within a time frame. If a probe instance is co-resident with a target, the placement succeeded; otherwise terminate the probe instance. Of 1686 target victims, co-residence was achieved with 141 victim servers (8.4% coverage of targets), despite the limit of 20 simultaneous instances per account. This gives a reasonable success rate against large target sets.
15
Placement Locality: recall that one of the main features of cloud computing is to run servers only when needed. This suggests that instances are often launched, terminated when no longer needed, and later launched again. The key idea is to catch the moment at which the victim relaunches an instance.
16
EC2 Placement Policy: placement locality. Sequential placement locality:
Two instances run sequentially (one started after the other terminated) are often assigned to the same machine. Parallel placement locality: two instances from distinct accounts run at roughly the same time are often assigned to the same machine.
17
Placement Locality: attack recently launched instances (temporal locality). Monitor a server’s state (e.g., via network probing). Launch many instances right after the victim’s instance launches. Experiment: a single victim instance is launched; the attacker launches 20 instances within 5 minutes (in the same zone and of the same type); perform the co-residence check.
18
Placement Locality: experiments achieved 40% coverage of targets.
19-21
Exploiting co-residence
The CPU contains a small, fast memory cache shared by all instances on the host. Prime: the attacker reads a buffer that fills the cache, so a second read is served from the cache (fast). Probe: if the victim has meanwhile accessed memory, its data has evicted the attacker’s cache lines, so the attacker’s re-read misses and the attacker observes a slow-down.
22
Exploiting co-residence
Timing how long the probe reads take (cache load measurement) lets an attacker tell when co-resident instances are under computational load. Example from the paper: estimating the traffic rate of a co-resident web server.
23
Exploiting co-residence
The attacker can also deduce the victim’s memory access patterns. Example: if the victim is performing RSA or AES decryption, the access patterns depend on the secret key; prior single-host cache attacks recovered a full AES key in about 65 milliseconds.
24
Keystroke timing attack
Cache load measurements are used to mount a keystroke attack. The goal is to measure the time between keystrokes made by a victim typing a password. Report a keystroke when the probe measurement is between 3.1 μs and 9 μs (the upper threshold filters out unrelated activity). Inter-keystroke times, if measured accurately, can be used to narrow the search for the password.
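The cache load measurement from slides 19-23 (prime, wait, probe) together with the keystroke band filter above, as an added C example; it is not code from the paper or the presentation. The probe-buffer size, the fixed spin used in place of the paper’s trigger (which busy-loops until the VM has been descheduled), the 50 ms refractory window that folds consecutive in-band samples into one keystroke, and the probe trace fed to the detector are all assumptions or constructed data.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <time.h>

#define LINE_BYTES 64
/* Assumed size of the cache to cover; use the host's real shared-cache size
 * in practice (the paper targeted the L2 shared by cores on its EC2 hosts). */
#define PROBE_BYTES (4u << 20)

static volatile uint8_t *probe_buf;   /* one byte per line is touched */
static volatile unsigned sink;        /* keeps the reads observable */

static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

int probe_buffer_init(void) {
    if (probe_buf) return 0;
    uint8_t *p = malloc(PROBE_BYTES);
    if (!p) return -1;
    for (size_t i = 0; i < PROBE_BYTES; i++) p[i] = (uint8_t)i;
    probe_buf = p;
    return 0;
}

static unsigned touch_all_lines(void) {
    unsigned acc = 0;
    for (size_t i = 0; i < PROBE_BYTES; i += LINE_BYTES) acc += probe_buf[i];
    return acc;
}

/* Prime: read one byte per line so the buffer occupies the cache. */
void prime(void) { sink = touch_all_lines(); }

/* Probe: time a second pass over the same lines. Lines evicted meanwhile by
 * a co-resident VM miss, so a busier neighbour means a longer probe time. */
uint64_t probe_ns(void) {
    if (!probe_buf) return 0;
    uint64_t t0 = now_ns();
    sink = touch_all_lines();
    return now_ns() - t0;
}

/* Prime, spin for trigger_ns (stand-in for the paper's trigger), then probe. */
uint64_t measure_load_ns(uint64_t trigger_ns) {
    if (!probe_buf) return 0;
    prime();
    uint64_t t0 = now_ns();
    while (now_ns() - t0 < trigger_ns) { }
    return probe_ns();
}

/* Keystroke detection over a stream of probe times (microseconds) taken at
 * times t_us. A sample inside [lo_us, hi_us] is attributed to a keystroke;
 * samples within refractory_us of the previous event are folded into it.
 * Returns the event count and writes inter-keystroke intervals to ivals. */
size_t detect_keystrokes(const double *probe_us, const double *t_us, size_t n,
                         double lo_us, double hi_us, double refractory_us,
                         double *ivals, size_t max_ivals) {
    size_t events = 0, k = 0;
    double last = -1.0;
    for (size_t i = 0; i < n; i++) {
        if (probe_us[i] < lo_us || probe_us[i] > hi_us) continue;
        if (last >= 0 && t_us[i] - last < refractory_us) continue;
        if (last >= 0 && k < max_ivals) ivals[k++] = t_us[i] - last;
        last = t_us[i];
        events++;
    }
    return events;
}

/* Constructed probe trace (not measured): a probe every 20 ms; keystrokes at
 * 40 ms (with a second in-band sample 20 ms later) and 180 ms; a 12 us
 * unrelated burst at 120 ms that the upper threshold must reject. */
static const double DEMO_PROBE_US[11] = {1.2, 1.1, 4.5, 5.0, 1.3, 1.2, 12.0, 1.1, 1.2, 6.1, 1.0};

static size_t run_demo(double *ivals, size_t max_ivals) {
    double t_us[11];
    for (size_t i = 0; i < 11; i++) t_us[i] = (double)i * 20000.0;
    return detect_keystrokes(DEMO_PROBE_US, t_us, 11, 3.1, 9.0, 50000.0, ivals, max_ivals);
}

size_t demo_keystroke_events(void) { double iv[4]; return run_demo(iv, 4); }

double demo_first_interval_us(void) {
    double iv[4];
    return run_demo(iv, 4) >= 2 ? iv[0] : -1.0;
}

int main(void) {
    if (probe_buffer_init() != 0) return 1;
    return measure_load_ns(1000000) > 0 && demo_keystroke_events() == 2 ? 0 : 1;
}
```

The thresholds are in microseconds because the probe loop is expected to run in the low microseconds on an idle core; on a different host the band has to be re-derived from a calibration run with and without a neighbour typing.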
25
Inhibiting Side-Channel Attacks
Blinding techniques: cache wiping, random delay insertion, degrading the guest’s timer resolution. But are these effective? Usually impractical and application-specific, and it may not be possible to plug all side channels. The only sure way: avoid co-residence (e.g., placement on physically isolated machines).
26
Research Questions - Answered
Can one determine where in the cloud infrastructure an instance is located? - Yes. Can one easily determine if two instances are co-resident on the same physical machine? - Yes. Can an adversary launch instances that will be co-resident with other users’ instances? - Yes. Can an adversary exploit cross-VM information leakage once co-resident? - Sort of.
27
Summary: new risks from cloud computing exposed
Shared physical infrastructure can and most likely will cause problems. A practical attack was performed. Countermeasures were suggested.
28
Resources https://cse.sc.edu/~huangct/CSCE813F15/CCS09_cloudsec.pdf