Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage. CCS '09


1 Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds
Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage (CCS '09)
Speaker: Kuo

2 Outline
Introduction
Threat model
EC2 service
Network probing
Cloud cartography
Determining co-residence
Exploiting placement in EC2
Cross-VM information leakage

3 Introduction
Cloud computing: cloud computing services; cloud computing technologies
Advantages: dynamic provisioning; low capital expenditures
Drawback: risks between customer and cloud provider; risks between customer and customer

Speaker notes: Cloud computing is a concept; according to the well-known analyst firm Gartner, the first kind of cloud computing, "cloud computing services", consists of network services that are accessed, operated and delivered through a browser over the Internet, for example Salesforce.com's CRM tools or Amazon EC2's hosting. This kind of cloud computing can be seen as a natural extension of grid computing and SaaS: users need not worry about growth at all, since the remote side provisions whatever servers or databases are needed; users simply hand their work over the network to the remote provider. It also makes full use of the convenience of the Internet, letting users store all their data securely on one or more remote servers and use it from anywhere, while the provider can upgrade or change things at any time. At the same time it cleverly offloads heavy computation to the "cloud", so that even a thin mobile phone or a GPS unit with no computing power of its own can go online and do all sorts of things. This kind of cloud computing mainly describes a new way of delivering a "service".
The second kind, "cloud computing technologies": some of what is called cloud computing is really the next generation of the data center, where the internal system uses many computers to compute, store and back each other up, for example splitting genome sequencing or DNA decoding into many pieces for computation, or Skype and BitTorrent forming a single system out of peer-to-peer (P2P) nodes. This camp is the true descendant of distributed computing; technically it involves the "cloud" far more than the first kind does, and it mainly describes a new "technology".
Grid computing, in turn, is a branch that extends distributed computing; its main feature is integrating computers of different platforms, architectures and classes through distributed computation. The "grid" refers to processing data scattered across many locations according to open standards. Seen this way, cloud computing and grid computing are not significantly different. Indeed, both extend distributed computing; grid computing focuses on integrating many heterogeneous platforms, while cloud computing emphasizes using the network to obtain remote computing resources when local resources are limited.
Drawback: physical resources are transparently shared between VMs. This paper uses Amazon EC2 as its example; based on data from their experiments on EC2, the authors carry out attacks on servers that provide cloud computing services.

4 2. THREAT MODEL
We consider the provider and its infrastructure to be trusted.
Adversaries are non-provider-affiliated malicious parties.
Assume: a malicious party can run and control many instances in the cloud; an attacker's instances might even run on the same physical hardware as potential victims.

Speaker notes: Nor do the attacks target weaknesses in the system itself; the attacker manipulates these shared physical resources to obtain confidential data.

5 3. EC2 service
Amazon's Elastic Compute Cloud (EC2) service: flexibly rent computational resources.
Amazon provides two "regions", US and Europe. Each region contains three "availability zones".
Provides the ability to run Linux, FreeBSD, OpenSolaris and Windows within a virtual machine (VM) provided by a version of the Xen hypervisor.
Domain0: configured to route packets for its guest images and reports itself as a hop in traceroutes; manages guest images, their physical resource provisioning, and any access control rights.
The Xen hypervisor, the powerful open source industry standard for virtualization, offers a powerful, efficient, and secure feature set for virtualization of x86, x86_64, IA64, ARM, and other CPU architectures. It supports a wide range of guest operating systems including Windows, Linux, Solaris, and various versions of the BSD operating systems.

Speaker notes: These VMs are placed on these physical servers.

6 [Diagram: regions US and Europe, each divided into zone1, zone2, zone3; a physical host runs Domain 0 alongside several guest VMs]

7 With a valid account, a user creates one or more VM images.
Instance: one such running image.
Instance types: m1.small, c1.medium, m1.large, m1.xlarge, c1.xlarge.
Each instance has an external IPv4 address and domain name, and an internal private address and domain name.
A single virtual core providing one ECU combined with 1.7 GB of memory and 160 GB of local storage; the larger type provides 2 virtual cores each with 2 ECUs, 7.5 GB of memory and 850 GB of local storage.

Speaker notes: An account may run at most 20 instances at the same time. The "small compute slot" (m1.small) is described as a single virtual core providing one ECU (EC2 Compute Unit, claimed to be equivalent to a 1.0–1.2 GHz 2007 Opteron or 2007 Xeon processor) combined with 1.7 GB of memory and 160 GB of local storage.

8 4. NETWORK PROBING
Utilize nmap, hping, and wget to perform network probes to determine liveness of EC2 instances.
nmap: perform TCP connect probes, which attempt to complete a 3-way handshake between a source and target.
hping: perform TCP SYN traceroutes, which iteratively send TCP SYN packets with increasing time-to-lives (TTLs).
wget: retrieve web pages.
Both TCP connect probes and SYN traceroutes require a target port; we only targeted ports 80 or 443.

Speaker notes: nmap: find out which service is on a port, learn how many hosts are alive in your network, and keep track of which services each host on your LAN has running; it scans the network connectivity of a group of hosts in a given network segment and probes the open ports of a given host, and from these two pieces of information it can detect the remote host's operating system and network services. hping: network probing; a packet inspection tool that generates TCP/UDP/ICMP/raw IP packets and inspects the reply packets. wget: fetch HTML files. Attempt to establish a connection with the target instance; attempt to find the distance between the attacker's and the target's instance.

9 Two types of probes:
External probes: originate from a system outside EC2 and have an EC2 instance as destination.
Internal probes: originate from an EC2 instance (under our control) and have another EC2 instance as destination.

Speaker notes: For ethical and legal reasons, we only performed internal probes.

10 5. CLOUD CARTOGRAPHY
Hypothesis: different availability zones (and instance types) are likely to correspond to different internal IP address ranges.
Data sets used: one created by launching a number of EC2 instances of varying types and surveying the resulting IP addresses assigned.
"Map" the EC2 service to understand where potential targets are located and the instance creation parameters needed to attempt establishing co-residence of an adversarial instance.

11 5.1 Surveying public servers on EC2
Utilizing WHOIS queries, identify four distinct IP address prefixes: /16, /17, /18, /19 (57344 IP addresses in the remaining ranges)
→ performed a TCP connect probe on port 80: 11315 responsive IPs
→ wget on port 80: 9558 responded
→ performed a TCP connect probe on port 443: 8375 responsive IPs
→ resulted in a list of unique internal IPs

Speaker notes: Translating these through EC2's internal DNS, one finds …

12 5.2 Instance placement parameters
The Amazon EC2 internal IP address space is cleanly partitioned between availability zones and instance types.

Speaker notes: First, we test whether the IP addresses assigned to each zone are separate.

13 Availability zones
Assumption: internal IP addresses are statically assigned to physical machines.
A plot of the internal IP address assigned to each of the 300 instances, partitioned according to availability zone.
This data supports the assessment that availability zones use separate physical infrastructure.

Speaker notes: Otherwise IP routing would be hard to implement.

14 Instance type and account:
Accounts A and B each launched 100 instances (20 of each type) in zone3.
55 of the account B IPs were repeats of those assigned to instances for account A.

Speaker notes: Account B's instances were launched only 39 hours after A's were terminated. An IP address is never assigned to two types, i.e., an IP belongs to only one type. For example: an m1.small instance gets an IP; when that instance is terminated, the IP is reclaimed, and when a new instance is launched, only an m1.small instance could possibly be assigned this IP. We found that among the instances launched by account B, 55 IPs had previously been assigned to account A's instances. This experiment shows that IPs within a type are intermixed: you cannot say that m1.small IPs run from some range to some other range; you can only know that an IP belonging to m1.small belongs to m1.small and not to another type.

15 5.3 A fuller map of EC2

16 6. DETERMINING CO-RESIDENCE
Instances are likely co-resident if they have (1) matching Dom0 IP addresses, (2) small packet round-trip times, (3) numerically close internal IP addresses.

Speaker notes: An instance's network traffic has Dom0 as its first hop, so use a TCP SYN traceroute to trace another instance and then look at its last hop. RTT: the round-trip time for a packet from sender to destination; the first reported RTT is usually slower, so the authors sent 10 probes and discarded the first. The authors queried the cpuid used by m1.small instances on Amazon EC2 and learned that the physical machines running the m1.small type have two CPUs with two cores each; EC2 caps each instance at 50% core usage, so they inferred that only 8 instances can run on the same machine at once. Therefore, if two IP addresses are very close, within 8 of each other, we can also infer that the two instances are neighbors.
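The three co-residence heuristics above, combined as an added example (not code from the paper or the slides) over constructed traceroute and RTT data; a tenant can run the same checks to confirm that two of its own instances do not share a host. The internal addresses, the 1 ms RTT threshold and the rule that a Dom0 match must be backed by one of the weaker hints are assumptions; the page itself gives no threshold or combination rule.

```python
import ipaddress
import statistics
from dataclasses import dataclass


@dataclass
class Observation:
    target_ip: str   # internal IP of the candidate instance (constructed)
    hops: list       # traceroute hop IPs from our probe to the target (constructed)
    rtts_ms: list    # 10 raw RTT samples to the target, in ms (constructed)


def last_hop_before_target(obs):
    """Dom0 routes for its guests and appears as a traceroute hop, so the hop
    immediately before the target is taken as the target's Dom0."""
    idx = obs.hops.index(obs.target_ip)
    return obs.hops[idx - 1] if idx > 0 else None


def rtt_estimate(rtts_ms):
    """Discard the first (typically slow) sample, as the authors did with their
    10 probes, and use the median of the remaining nine."""
    return statistics.median(rtts_ms[1:])


def ip_distance(a, b):
    return abs(int(ipaddress.IPv4Address(a)) - int(ipaddress.IPv4Address(b)))


def co_residence_checks(probe_ip, probe_dom0, obs, rtt_threshold_ms=1.0, max_ip_distance=8):
    # max_ip_distance=8 follows the slide notes (at most 8 m1.small per host);
    # rtt_threshold_ms is an assumed value, not one the page states.
    return {
        "dom0_match": last_hop_before_target(obs) == probe_dom0,
        "small_rtt": rtt_estimate(obs.rtts_ms) < rtt_threshold_ms,
        "close_ip": ip_distance(probe_ip, obs.target_ip) <= max_ip_distance,
    }


def likely_co_resident(checks):
    # Assumed combination rule: the Dom0 match is the specific signal; a close
    # IP or a small RTT alone is only a hint (see the second case below).
    return checks["dom0_match"] and (checks["small_rtt"] or checks["close_ip"])


# Constructed data: our probe instance, its Dom0, and three candidate targets.
PROBE_IP, PROBE_DOM0 = "10.252.5.10", "10.252.5.1"
OBSERVATIONS = {
    "same_host": Observation("10.252.5.12", ["10.252.5.1", "10.252.5.12"], [2.1, 0.3, 0.28, 0.31, 0.29, 0.3, 0.27, 0.32, 0.3, 0.29]),
    "near_ip_other_host": Observation("10.252.5.14", ["10.252.5.1", "10.252.9.1", "10.252.5.14"], [3.0, 0.9, 1.1, 0.95, 1.0, 1.05, 0.98, 1.2, 1.0, 0.97]),
    "far_host": Observation("10.251.40.7", ["10.252.5.1", "10.252.0.2", "10.251.40.1", "10.251.40.7"], [5.0, 2.4, 2.2, 2.5, 2.3, 2.6, 2.2, 2.4, 2.5, 2.3]),
}


def classify_all():
    return {name: likely_co_resident(co_residence_checks(PROBE_IP, PROBE_DOM0, obs)) for name, obs in OBSERVATIONS.items()}


if __name__ == "__main__":
    for name, obs in OBSERVATIONS.items():
        print(name, co_residence_checks(PROBE_IP, PROBE_DOM0, obs))
```

The second case has a neighbouring internal IP but a different Dom0 as its last hop, which is exactly why the paper backs the address heuristic with the Dom0 check.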

17 6.1 Veracity of the co-residence checks
If two instances (under our control) can successfully transmit via the hard-disk-based covert channel, then they are co-resident.

Speaker notes: A covert channel is a transmission channel used by a process in a computer system to send information in violation of the system's security policy.

18 7. EXPLOITING PLACEMENT IN EC2
Goal: how can an adversary launch instances that will be co-resident with target victims?
Observations: n instances run in parallel under a single account result in placement on n separate machines. No more than eight m1.small instances were ever observed to be simultaneously co-resident.
Placement locality: sequential placement locality; parallel placement locality.
Sequential placement locality exists when two instances run sequentially (the first terminated before launching the second) are often assigned to the same machine. Parallel placement locality exists when two instances run (from distinct accounts) at roughly the same time are often assigned to the same machine.

Speaker notes: Once we can determine an instance's type and zone and tell whether two instances are neighbors, the next step is to launch the attacker's instances and hope they become neighbors of the victim instance. We never observed two instances run simultaneously by one account landing on the same physical machine, so running n instances at once spreads them over n different machines. A physical machine runs at most eight m1.small instances at once; when a machine is full, the attacker's instance has no chance of being placed on it.

19 Sequential placement locality: two instances run sequentially are often assigned to the same machine.
Parallel placement locality: exists when two instances run (from distinct accounts) at roughly the same time are often assigned to the same machine.

Speaker notes: Everything that follows is explained in terms of the m1.small type.

20 7.1 Brute-forcing placement
Strategy: run numerous instances over a long period of time.
Steps:
Enumerate a set of potential target victims.
Infer which zone and which instance type these targets belong to.
Repeatedly run probe instances in the target zone and of the target type.
Each probe checks if it is co-resident with any of the targets; if not, the instance is quickly terminated.
Achieved 8.4% coverage of the target set.

Speaker notes: For a large target set, this strategy has a higher chance of success. For example, with 1 target and 100 probes, the hit rate is only 1/100; with 40 targets, the hit rate is 40/100.

21 7.2 Abusing Placement Locality
Strategy: assume that an attacker can launch instances relatively soon after the launch of a target victim. The attacker then engages in instance flooding: running as many instances in parallel as possible.
Find attack strategies that do better than brute-force for individual targets or small target sets.

Speaker notes: If we run the probe instances close to the time the target instance was launched, the attacker can exploit parallel placement locality, which makes it very likely that the attacker's and the target's instances end up on the same machine. How can we expect to launch instances soon after the target instance launches? For example, the attacker can monitor the server's state: the server only runs when instances are running, and conversely, when a new instance appears, we engage in instance flooding. Alternatively, the attacker can trigger the launch of a new target instance.

22 Different zones do not affect co-residence rates.
Different accounts and time of day do not affect co-residence rates.

Speaker notes: See what the baseline success rate is.

23 The effect of increased time lag.
“Total co-resident” corresponds to the number of probe instances at the indicated hour offset that were co-resident with at least one of the victims. “New co-resident” is the number of victim instances that were collided with for the first time at the indicated hour offset.

24 8. CROSS-VM INFORMATION LEAKAGE
Goal: show the ability of a malicious instance to utilize side channels to learn information about co-resident instances.

Speaker notes: We induce activity in some publicly accessible service on the target instance and use the target's behavior on that service to judge whether the two are co-resident. An ordinary attack observes plaintext and ciphertext and tries to recover the key, whereas a side-channel attack observes other behavioral information to try to recover the key. A "side channel" means any result obtained by means other than the normal encryption/decryption method, that is, by algorithms or methods not originally designed for encryption or decryption, applied successfully against public-key or secret-key systems. It mainly exploits the timing characteristics of a computer's cryptographic operations to derive the private key. By being co-resident with the target, collect data on the target's cache access behavior, and use these cache-based load measurements to perform a keystroke timing attack.

25 8.1 Measuring cache usage
A high load indicates activity on co-resident instances.
Utilize the Prime+Probe technique to measure cache activity.
Measurement via Prime+Probe: this measurement method tries to discover the set of memory blocks read by the encryption a posteriori, by examining the state of the cache after encryption.

26 Cache-based covert channel
Cache load measurements create very effective covert channels between cooperating processes running in different VMs.
A covert channel is any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy.
Cache covert-channel attack: the sender idles to transmit "0" and frantically accesses memory to transmit "1". The receiver accesses a memory block of his own and observes the access latencies. High latencies are indicative that the sender is evicting the receiver's data from the caches, i.e., that "1" is transmitted.
This attack is applicable across VMs, though it tends to be unreliable (and thus has very low bandwidth) in a noisy setting.

27 8.2 Load-based co-residence detection
In the second trial we used a fresh pair of instances co-resident on a different machine,

28 8.3 Estimating traffic rates
Report on initial experimentation with estimation, via side-channel measurements, of HTTP traffic rates to a co-resident web server.
For example, timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information which can be exploited to break the system.

29 Keystroke timing attack:
The adversary's goal is to measure the time between keystrokes made by a victim typing a password.
The attacking VM is able to observe a clear signal with 5% missed keystrokes and 0.3 false triggers per second. The timing resolution is roughly 13 ms.

Speaker notes: An attack that derives the private key from the timing characteristics of a computer's cryptographic operations.

30 Thanks!
