Published by Duane Sutton. Modified over 8 years ago.
OSVT, Peking University: Security Challenges
The practice of multi-tenancy enables various security attacks in the public cloud. Some attacks break the logical isolation provided by virtualization to breach confidentiality or degrade the performance of the victim. Perhaps most notable are the side-channel attacks that steal private keys across the virtual-machine isolation boundary by cleverly monitoring shared resource usage.
To achieve such attacks, an adversary must be able to launch a virtual machine on the same physical host as a victim, making the two VMs co-resident (sometimes the term co-located is used). Doing so consists of using a launch strategy together with a mechanism for co-residency detection. When an advantageous launch strategy exists, making it easy and cheap to achieve co-location, we say the cloud suffers from a placement vulnerability.
Research Progress
(Varadarajan, 2015) investigated the problem of placement vulnerabilities and quantitatively evaluated three popular public clouds (EC2, GCE and Azure) for their susceptibility to co-location attacks. They find that it is much easier (10x higher success rate) and cheaper (up to $114 less) to achieve co-location in these three clouds when compared to a secure reference placement policy.
Defenses against such vulnerabilities, and research on VM allocation and scheduling policies to mitigate multi-tenancy risks, have been proposed in the academic literature (Bijon, 2015) (Han, 2014) (Godfrey, 2014) (Godfrey, 2013) (Raj, 2009).