Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hey, You, Get Off of My Cloud

Published byClaud Farmer Modified over 9 years ago

Similar presentations

Presentation on theme: "Hey, You, Get Off of My Cloud"— Presentation transcript:

1 Hey, You, Get Off of My Cloud
Exploring Information Leakage in Third-Party Compute Clouds By Thomas Ristenpart et al. Edward Wu

2 Structure High Level Picture/Motivation Thread Model Approach
Mitigations Pros/Cons What's New/Not New in Cloud Security? Acknowledgement: slides/thoughts borrowed from Prof. Ragib Hasan's lecture notes and UIUC Security Reading Group's reviews

3 Conference & Authors CCS 09
Influential, cited by 226 papers in 2 years (Google Scholar) Media coverage: MIT Technology Review, Network World, Network World (2), Computer World, Data Center Knowledge, IT Business Edge, Cloudsecurity.org, Infoworld First work on cloud cartography Attack launched against commercially available ”real” cloud (Amazon EC2) Claims up to 40% success in co-residence with target VM

4 High Level Picture Traditional system security mostly means keeping bad guys out. The attacker needs to either compromise the auth/access control system, or impersonate existing users. But clouds allow co-tenancy: Multiple independent users share the same physical infrastructure. An attacker can legitimately be in the same physical machine as the target

5 Challenges for the attacker
How to find out WHERE the target is located How to CO-LOCATE with the target in the same physical machine How to GATHER INFORMATION about the target

6 Approach Map the cloud infrastructure to find where the target is located Use various heuristics to determine co-residence of two VMs Launch probe VMs trying to be co-residence with target VMs Exploit cross-VM leakage to gather information about the target

7 Threat Model Attacker Model
Cloud infrastructure provider is trustworthy Cloud insiders are trustworthy Attacker is a malicious third party who can legitimately use cloud provider's service Assets Confidentiality aware services run on cloud Availability of services run on cloud

8 Threat Model Attacker Model
Cloud infrastructure provider is trustworthy Cloud insiders are trustworthy Attacker is a malicious third party who can legitimately use cloud provider's service Assets Confidentiality aware services run on cloud Availability of services run on clou

9 The Amazon EC2 Xen hypervisor, called Domain0, is used to manage guest images, physical resource provisioning, and access control rights. Dom0 routes packages and reports itself as a first hop. Consists of 2 regions (United States and Europe), each have 3 availability zones, 5 Linux instance types. (outdated!) Instances have a one-to-one mapping of internal IP addresses and external IP addresses, which are static

10 Mapping the Cloud Plot of internal IPs against zones
Result: Different availability zones correspond to different statically defined internal IP address ranges.

11 Mapping the Cloud Plot of internal IPs in Zone 3 against instance types Result: Same instance types correspond loosely with similar IP address range regions.

12 Determine Co-residence
Network-based co-resident checks: instances are likely co-resident if they have: matching Dom0 IP address small packet round-trip times numerically close internal IP addresses (within 7) Verified via a hard-disk-based covert channel Conclusion of test: Effective false positive rate of ZERO for the co-resident checks.

13 Probe VM Placement Strategy 1: Brute-forcing placement
a success rate of 8.4% Strategy 2: Abusing Placement Locality Attacker knows when the target instances will be launched Inference avaliability zone and instance type from its IP Instance flooding immediately following launch of instance by launch many instances simultaneously. Achieves a success rate of 40%

14 Information Leakage Co-Residency affords the ability to:
Denial of Service Estimate victim's work load Cache Network Traffic Extract cryptographic keys via cache-based side channels. Other cross-VM attacks

15 Mitigations Mapping: Use a randomized scheme to allocate IP addresses
Block some scanning tools/activities (nmap,traceroute) Co-residence checks: Prevent identification of dom0/hypervisor

16 Mitigations Co-location: Not allow co-residence at all:
Beneficial for cloud users Not efficient for cloud providers N-tier trust model? Information leakage: Prevent cache load attacks?

17 Amazon's response Amazon downplays report highlighting vulnerabilities in its cloud service "The side channel techniques presented are based on testing results from a carefully controlled lab environment with configurations that do not match the actual Amazon EC2 environment." "As the researchers point out, there are a number of factors that would make such an attack significantly more difficult in practice." downplays_report_highlighting_vulnerabilities_its_clo ud_service

18 Pros Shows preliminary work in side channel attacks in VMs.
Demonstrates the practicality of their attacks on Amazon EC2. Covers precise attack model. Simple tools are used to launch attack which are easily available to any attacker. Covers potential measures to take to inhibit such attacks.

19 Cons Are the side channels really effective?
How much an attacker can leverage the information leaked out using this scheme. If the target is on a full system it is not attackable by using this scheme.

20 What is not New? What’s New About Cloud Computing Security?Yanpei Chen, Vern Paxson, Randy H. Katz Argued that few cloud computing security issues are fundamentally new or fundamentally intractable. Remember the good old time-sharing systems such as Multics, National CCS?

21 What is not New? Phishing, downtime, data loss, password weaknesses, and compromised hosts running botnets Most research continues on web security, data outsourcing and assurance, and virtual machines Servers in cloud computing currently operate as (in)securely as servers in traditional enterprise datacenters Zeus running its C&C server on EC2 in 2009

22 What's New in Cloud Security?
Unexpected side channels (passively observing information) and covert channels Reputation fate-sharing: spam filter blacklist, police raid, server crash

23 Novelties in the cloud threat model
Data and software are not the only assets worth protecting, activity patterns also need to be protected. Need to accommodate a longer trust chain. (incentives for companies to specialize) Competitive businesses can operate within the same cloud computing ecosystem. Mutual auditability, between cloud users and providers Potentially inaccurate mental models of cloud computing as an always-available service, leads to false sense of security (EC2 Crash)

24

Download ppt "Hey, You, Get Off of My Cloud"

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Distributed System Lab.1 Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Thomas Ristenpart ¤, Eran Tromer, Hovav.

Distributed System Lab.1 Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Thomas Ristenpart ¤, Eran Tromer, Hovav.
Rohit Kugaonkar CMSC 601 Spring 2011 May 9 th 2011

Rohit Kugaonkar CMSC 601 Spring 2011 May 9 th 2011
Lecture 5: Cloud Security: what’s new? Xiaowei Yang (Duke University)

Lecture 5: Cloud Security: what’s new? Xiaowei Yang (Duke University)
Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)

Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 3 02/15/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 3 02/15/2010 Security and Privacy in Cloud Computing.
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Yan Qiang, 2009-1-7.

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Yan Qiang,
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing.
Hey You, Get Off My Cloud: Exploring information Leakage in third party compute clouds T.Ristenpart, Eran Tromer, Hovav Shacham and Steven Savage ACM CCS.

Hey You, Get Off My Cloud: Exploring information Leakage in third party compute clouds T.Ristenpart, Eran Tromer, Hovav Shacham and Steven Savage ACM CCS.
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
By Christopher Moran, Nicoara Talpes 1.  Solution is addressed to VMs that are web servers  Web servers should not have confidential information anyway.

By Christopher Moran, Nicoara Talpes 1.  Solution is addressed to VMs that are web servers  Web servers should not have confidential information anyway.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.
This paper states that one of the major problem to the adoption of cloud computing is that of security.  Existing cloud computing problem or concerns.

This paper states that one of the major problem to the adoption of cloud computing is that of security.  Existing cloud computing problem or concerns.
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds by Thomas Ristenpart et al. defended by Ning Xia & Najim Yaqubie.

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds by Thomas Ristenpart et al. defended by Ning Xia & Najim Yaqubie.
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds By Thomas Ristenpart Eran Tromer Hovav Shacham Stefan Savage.

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds By Thomas Ristenpart Eran Tromer Hovav Shacham Stefan Savage.

Similar presentations

Ads by Google