Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 5: Cloud Security: what’s new? Xiaowei Yang (Duke University)

Published byKaleb Aspell Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 5: Cloud Security: what’s new? Xiaowei Yang (Duke University)"— Presentation transcript:

1 Lecture 5: Cloud Security: what’s new? Xiaowei Yang (Duke University)

2 Recap Exploring information leakage in third- party compute clouds – Placement – Determining co-residence – Inferrence

3 Placement Launching test instances Determining the correlation between instance placement and IP addresses Launching many probe instances in the same availability zone

4 Determining co-residence Traceroute

5 Cross-VM information leakage Load measurement: Prime-Trigger-Probe – B: buffer of size b; s: cache line size 1.Prime: Read B at s-offset 2.Trigger: busy-loop until swapped out 3.Probe: measure the time it takes to read B again at s-offset – If it takes long  – If it does not take long 

6 Load-based co-residence detection Send http requests to a target VM Do load measurement – High  – Low 

7 Which one(s) shows co-resident?

8 Estimating traffic rates High traffic rates  high load

9 Keystroke timing attack Hypothesis – On an idle machine, High load spike  keystroke input Timing between high load spikes  timing between keystrokes Timing between keystrokes  infers password

10 Summary Co-residence  information leak Defending against it is hard

11 WHAT’S NEW ABOUT CLOUD COMPUTING SECURITY?

12 Overview New threats New research opportunities

13 New threats A more reliable alternative to botnets – If cloud computing is cheaper and more reliable than botnets, use cloud Brute-forcer Resource sharing and interference – Placement, inferrence Reputation fate sharing – Spammers block other legitimate services – An FBI raid

14 Novel elements Protecting data and software is not enough  Activity pattern needs protection as well Reputation attribution A longer trust chain Competitiveness business may co-locate

15 Is mutual auditability a solution? Provider audits customer’s activities Customer audits what a provider provides  enables attribution of blame

16 New opportunities Cloud providers should offer a choice of security primitives – Granularity of virtualizations Physical machines, LANS, clouds, or datacenters Mutual auditability – Provider audits customer’s activities – Customer audits what a provider provides –  enables attribution of blame Studying cloud security vulnerabilities

17 Next Discovering VM dependencies using CPU utilization – Question to ponder: can this technique be used a security attack?

18 Interesting techniques Inference technique – Auto-regressive modeling: use past samples to predict future values – Compute distances of AR models Models with similar coefficients are closer – K-mean clustering Perturbation to improve inference accuracy

19 Security attacks Achieving co-residence Do load measurements Figure out service correlations DoS all related services

Download ppt "Lecture 5: Cloud Security: what’s new? Xiaowei Yang (Duke University)"

Similar presentations

Abstract There is significant need to improve existing techniques for clustering multivariate network traffic flow record and quickly infer underlying.

Abstract There is significant need to improve existing techniques for clustering multivariate network traffic flow record and quickly infer underlying.
Distributed System Lab.1 Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Thomas Ristenpart ¤, Eran Tromer, Hovav.

Distributed System Lab.1 Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Thomas Ristenpart ¤, Eran Tromer, Hovav.
Rohit Kugaonkar CMSC 601 Spring 2011 May 9 th 2011

Rohit Kugaonkar CMSC 601 Spring 2011 May 9 th 2011
Protecting Cyber-TA Contributors: Risks and Challenges Vitaly Shmatikov The University of Texas at Austin.

Protecting Cyber-TA Contributors: Risks and Challenges Vitaly Shmatikov The University of Texas at Austin.
Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)

Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 3 02/15/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 3 02/15/2010 Security and Privacy in Cloud Computing.
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Yan Qiang, 2009-1-7.

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Yan Qiang,
A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.

A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.
Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk email o Over 70% of email traffic  Bugs ---

Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk o Over 70% of traffic  Bugs ---
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.

1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
Virtualization and Cloud Computing

Virtualization and Cloud Computing
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing.
Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.

Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.
An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.

An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.
Hey You, Get Off My Cloud: Exploring information Leakage in third party compute clouds T.Ristenpart, Eran Tromer, Hovav Shacham and Steven Savage ACM CCS.

Hey You, Get Off My Cloud: Exploring information Leakage in third party compute clouds T.Ristenpart, Eran Tromer, Hovav Shacham and Steven Savage ACM CCS.
Hey, You, Get Off of My Cloud

Hey, You, Get Off of My Cloud
Look Who’s Talking: Discovering Dependencies between Virtual Machines Using CPU Utilization HotCloud 10 Presented by Xin.

Look Who’s Talking: Discovering Dependencies between Virtual Machines Using CPU Utilization HotCloud 10 Presented by Xin.
By Christopher Moran, Nicoara Talpes 1.  Solution is addressed to VMs that are web servers  Web servers should not have confidential information anyway.

By Christopher Moran, Nicoara Talpes 1.  Solution is addressed to VMs that are web servers  Web servers should not have confidential information anyway.

Similar presentations

Ads by Google