Cross-VM information leakage
Load measurement: Prime-Trigger-Probe
– B: buffer of size b; s: cache line size
1. Prime: read B at every s-th offset (one access per cache line), so all of B is cached
2. Trigger: busy-loop until the VM is swapped out (descheduled), giving a co-resident VM a chance to run on the same core
3. Probe: measure the time it takes to read B again at the same s-offsets
– If it takes long: the other VM evicted our lines, so its cache load was high
– If it does not take long: our lines survived, so its load was low

Load-based co-residence detection
Send HTTP requests to a target VM while doing load measurement
– High: the probe slows down exactly while the target is busy, so the two VMs share a cache (co-resident)
– Low: the target's load has no effect on the probe, so they are not co-resident
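The two slides above describe one procedure: prime, wait to be descheduled, probe, then compare the probe time with and without load on the target. The following C program is an added example written for this page (it is not code from the slides or from the paper they summarise). It assumes a 64-byte cache line, a 256 KiB buffer, CLOCK_MONOTONIC as a portable stand-in for the cycle counter, and a 2x slowdown threshold; the HTTP load on the target is assumed to be generated by a separate helper, so `coresident()` only applies the decision rule to two probe times.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Assumed parameters, not from the slides: 64-byte lines and a 256 KiB
   buffer. Pick b to cover the cache level you want to observe (L1d, L2, LLC). */
#define LINE_SIZE 64u
#define BUF_SIZE  (256u * 1024u)

/* Monotonic clock in nanoseconds; stands in for the cycle counter so the
   example is portable (rdtsc would be the usual choice on x86). */
static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Touch one byte per cache line (stride s) so every line of B is fetched.
   The sum is returned so the compiler cannot optimise the loads away. */
static uint64_t touch_lines(volatile const uint8_t *b, size_t size, size_t stride) {
    uint64_t sum = 0;
    for (size_t off = 0; off < size; off += stride) sum += b[off];
    return sum;
}

/* Trigger: spin until two consecutive clock reads differ by more than gap_ns.
   A jump that large means we were descheduled, i.e. a co-resident tenant ran
   on this core in between. Returns the gap seen, or 0 if timeout_ns passed. */
static uint64_t trigger(uint64_t gap_ns, uint64_t timeout_ns) {
    uint64_t start = now_ns(), prev = start;
    for (;;) {
        uint64_t t = now_ns();
        if (t - prev > gap_ns) return t - prev;
        if (t - start > timeout_ns) return 0;
        prev = t;
    }
}

/* One Prime-Trigger-Probe round. Returns the probe time in ns; *gap_seen
   receives the descheduling gap the trigger observed (0 = timed out). */
static uint64_t load_measurement(volatile const uint8_t *b, size_t size, size_t stride,
                                 uint64_t gap_ns, uint64_t timeout_ns,
                                 uint64_t *gap_seen) {
    touch_lines(b, size, stride);                 /* 1. prime   */
    uint64_t g = trigger(gap_ns, timeout_ns);     /* 2. trigger */
    uint64_t t0 = now_ns();
    touch_lines(b, size, stride);                 /* 3. probe   */
    uint64_t t1 = now_ns();
    if (gap_seen) *gap_seen = g;
    return t1 - t0;
}

/* Decision rule: a probe much slower than the idle baseline means the primed
   lines were evicted, i.e. the co-tenant's cache load was high. The 2x factor
   is an assumed threshold; calibrate it on the real host. */
static int load_is_high(uint64_t probe_ns, uint64_t baseline_ns) {
    return probe_ns > 2 * baseline_ns;
}

/* Co-residence test: probe time with the target idle versus probe time while
   an external helper floods the target with HTTP requests. */
static int coresident(uint64_t idle_probe_ns, uint64_t busy_probe_ns) {
    return load_is_high(busy_probe_ns, idle_probe_ns);
}

int main(void) {
    uint8_t *buf = malloc(BUF_SIZE);
    if (!buf) return 1;
    memset(buf, 1, BUF_SIZE);

    /* Baseline: no trigger wait (gap can never be exceeded, timeout 0). */
    uint64_t baseline = load_measurement(buf, BUF_SIZE, LINE_SIZE, UINT64_MAX, 0, NULL);

    /* Real round: wait up to 1 s for a >50 us gap in the clock, then probe. */
    uint64_t gap = 0;
    uint64_t probe = load_measurement(buf, BUF_SIZE, LINE_SIZE, 50000, 1000000000ull, &gap);

    printf("baseline %llu ns, probe %llu ns, gap %llu ns -> load %s\n",
           (unsigned long long)baseline, (unsigned long long)probe,
           (unsigned long long)gap, load_is_high(probe, baseline) ? "HIGH" : "LOW");
    free(buf);
    return 0;
}
```

Run it twice on the same core: once with the suspected co-resident idle and once while a helper hammers it with requests. A probe that only slows down in the second run is the "High" case on the slide; in practice the clock-gap trigger also fires on ordinary scheduler noise, so average several rounds before trusting a verdict.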
Overview
New threats
New research opportunities

New threats
A more reliable alternative to botnets
– If cloud computing is cheaper and more reliable than botnets, attackers will use the cloud (e.g. as a brute-forcer)
Resource sharing and interference
– Placement, inference
Reputation fate sharing
– Spammers get other legitimate services on the same infrastructure blocked
– An FBI raid on one tenant can take co-located tenants offline as well

Novel elements
Protecting data and software is not enough: the activity pattern needs protection as well
Reputation attribution
A longer trust chain
Competing businesses may be co-located

Is mutual auditability a solution?
Provider audits the customer's activities
Customer audits what the provider provides
– Enables attribution of blame

New opportunities
Cloud providers should offer a choice of security primitives
– Granularity of virtualization: physical machines, LANs, clouds, or datacenters
Mutual auditability
– Provider audits the customer's activities
– Customer audits what the provider provides
– Enables attribution of blame
Studying cloud security vulnerabilities
Next
Discovering VM dependencies using CPU utilization
– Question to ponder: can this technique be used as a security attack?

Interesting techniques
Inference technique
– Auto-regressive (AR) modeling: use past samples to predict future values
– Compute distances between AR models: models with similar coefficients are closer
– K-means clustering on those distances groups VMs whose load moves together
Perturbation to improve inference accuracy

Security attacks
1. Achieve co-residence
2. Do load measurements
3. Figure out service correlations
4. DoS all related services
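The three inference steps on the slide (fit an AR model per VM, measure distances between models, cluster) carried through in C, as an added example for this page rather than code from the slides or the paper they summarise. Assumptions: AR order 2 fitted by Yule-Walker (Levinson-Durbin), the distance between two models is the Euclidean distance between their coefficient vectors, and k-means with k = 2 seeded from VM 0 and the model farthest from it. The CPU-utilization series are constructed: VMs 0-2 are driven by one AR(2) process and VMs 3-5 by another, standing in for two service tiers; the perturbation step is not modeled.

```c
#include <stdio.h>
#include <string.h>

#define P     2     /* AR model order (assumed) */
#define N     512   /* CPU-utilisation samples per VM (constructed data) */
#define NVMS  6     /* VMs in the toy data centre */
#define K     2     /* clusters to find */

/* Fit AR(P) coefficients by Yule-Walker / Levinson-Durbin:
   x[t] ~ a[0]*x[t-1] + a[1]*x[t-2] + ... + a[P-1]*x[t-P]. */
static void fit_ar(const double *x, int n, double a[P]) {
    double r[P + 1], mean = 0.0, err;
    for (int k = 0; k < P; k++) a[k] = 0.0;
    for (int t = 0; t < n; t++) mean += x[t];
    mean /= n;
    for (int k = 0; k <= P; k++) {          /* biased autocovariance estimate */
        r[k] = 0.0;
        for (int t = k; t < n; t++) r[k] += (x[t] - mean) * (x[t - k] - mean);
        r[k] /= n;
    }
    err = r[0];
    for (int m = 0; m < P; m++) {           /* raise the order from m to m+1 */
        double prev[P], acc = r[m + 1];
        for (int j = 0; j < m; j++) acc -= a[j] * r[m - j];
        double kappa = acc / err;
        memcpy(prev, a, sizeof prev);
        a[m] = kappa;
        for (int j = 0; j < m; j++) a[j] = prev[j] - kappa * prev[m - 1 - j];
        err *= 1.0 - kappa * kappa;
    }
}

/* Squared Euclidean distance between two coefficient vectors. */
static double dist2(const double *a, const double *b) {
    double d = 0.0;
    for (int i = 0; i < P; i++) d += (a[i] - b[i]) * (a[i] - b[i]);
    return d;
}

/* k-means with K = 2: seed with VM 0 and the model farthest from it, then
   alternate assignment and centroid update for a fixed number of rounds. */
static void kmeans(double pts[][P], int n, int labels[], int iters) {
    double c[K][P];
    int far = 0;
    memcpy(c[0], pts[0], sizeof c[0]);
    for (int i = 1; i < n; i++)
        if (dist2(pts[i], c[0]) > dist2(pts[far], c[0])) far = i;
    memcpy(c[1], pts[far], sizeof c[1]);
    for (int it = 0; it < iters; it++) {
        double sum[K][P] = {{0}};
        int cnt[K] = {0};
        for (int i = 0; i < n; i++) {
            int best = 0;
            for (int k = 1; k < K; k++)
                if (dist2(pts[i], c[k]) < dist2(pts[i], c[best])) best = k;
            labels[i] = best;
            cnt[best]++;
            for (int j = 0; j < P; j++) sum[best][j] += pts[i][j];
        }
        for (int k = 0; k < K; k++)
            if (cnt[k]) for (int j = 0; j < P; j++) c[k][j] = sum[k][j] / cnt[k];
    }
}

/* Constructed input: an AR(2) process with uniform(-0.5, 0.5) noise from a
   small LCG, standing in for a VM's sampled CPU utilisation. */
static unsigned lcg_state;
static double noise(void) {
    lcg_state = lcg_state * 1103515245u + 12345u;
    return ((lcg_state >> 16) & 0x7fffu) / 32768.0 - 0.5;
}
static void gen_ar2(double a1, double a2, unsigned seed, double *x, int n) {
    lcg_state = seed;
    x[0] = noise();
    x[1] = noise();
    for (int t = 2; t < n; t++) x[t] = a1 * x[t - 1] + a2 * x[t - 2] + noise();
}

/* Whole pipeline: VMs 0-2 share one load pattern, VMs 3-5 another.
   Returns 1 if k-means separates the two groups. */
static int cluster_demo(int labels[NVMS]) {
    double x[N], coef[NVMS][P];
    for (int v = 0; v < NVMS; v++) {
        if (v < 3) gen_ar2(0.8, -0.2, 11u + v, x, N);
        else       gen_ar2(-0.5, 0.3, 41u + v, x, N);
        fit_ar(x, N, coef[v]);
    }
    kmeans(coef, NVMS, labels, 20);
    return labels[0] == labels[1] && labels[1] == labels[2] &&
           labels[3] == labels[4] && labels[4] == labels[5] &&
           labels[0] != labels[3];
}

int main(void) {
    int labels[NVMS];
    int ok = cluster_demo(labels);
    for (int v = 0; v < NVMS; v++) printf("VM%d -> cluster %d\n", v, labels[v]);
    printf("groups separated: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

The AR coefficients summarise how a VM's load responds to its own recent history; two VMs behind the same service see the same request stream and so end up with similar coefficients, which is what the clustering keys on. On real telemetry the order P and the number of clusters have to be chosen, and the slide's perturbation step (injecting load into one VM and watching which others react) is what confirms a dependency rather than a coincidental similarity.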