Download presentation
Presentation is loading. Please wait.
1
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds
Authors: Thomas Ristenpart, et at. Defended by Vaibhav Rastogi and Yi Yang
2
Introduction Introduction EC2 Service, Network Probing Attacking Steps
Cloud Cartography Placement Extraction Discussion
3
Traditional system security mostly means keeping bad guys out.
The attacker needs to either compromise the auth/access control system, or impersonate existing users
4
But clouds allow co-tenancy :
Multiple independent users share the same physical infrastructure So, an attacker can legitimately be in the same physical machine as the target.
5
How to find out where the target is located
How to be co-located with the target in the same (physical) machine How to gather information about the target
6
Exploring Information Leakage in Third-Party Compute Clouds
First work on cloud cartography Attack launched against commercially available “real” cloud (Amazon EC2) Up to 40% success in co-residence with target VM
7
Cloud infrastructure provider is trustworthy
Cloud insiders are trustworthy Attacker is a malicious third party who can legitimately the cloud provider as a client Threat: An attacker’s instances can run on the same physical hardware as potential victims. Therefore, the attacker might manipulate shared physical resources (eg. CPU caches, network queues, etc) to learn otherwise confidential information.
8
Attack Tasks Map the cloud infrastructure to find where the target is located Use various heuristics to determine co-residency of two VMs Launch probe VMs trying to be co-resident with target VMs Exploit cross-VM leakage to gather information about target
9
[Figures from Xen Wiki]
The EC2 Service The EC2 service enables users to flexibly rent computational resources for use by their applications. A privileged virtual machine, called Domain0, is configured to route packets for its guest images and reports itself as a hop in traceroutes. 2 Regions, 3 Availability zones, 5 instance types. Each instance has one internal IP and one external IP. Both are static. For example: External IP: Internal IP: [Figures from Xen Wiki]
10
Network Probing Nmap, hping, wget for network probing
Nmap is a security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network. hping is a packet generator and analyzer for the TCP/IP protocol. Wget is a computer program that retrieves content from web servers. By using such tools, we can understand VM placement in the EC2 system and provide evidence of co-residence.
11
Finding: Different availability zones correspond to different internal IP address ranges;
12
Finding: same instance type within the same zone
= similar IP regions
13
Task 2: Determining co-residence
Check to determine if a given VM is placed in the same physical machine as another VM Instances are likely co-resident if they have (1) matching Dom0 IP address, (2) small packet round-trip times, or (3) numerically close internal IP addresses (e.g. within 7).
14
Task #3: Making a probe VM co-resident with target VM
Brute force scheme Idea: figure out target’s availability zone and type Launch many probe instances in the same area Success rate: 8.4%, but on large target set
15
Task #3: Making a probe VM co-resident with target VM
Smarter strategy: utilize locality Idea: VM instances launched right after target are likely to be co-resident with the target Success rate: 40%!
16
Task #3: Making a probe VM co-resident with target VM
Window of opportunity is quite large, measured in days
17
Task #4: Gather leaked information
Now that the VM is co-resident with target, what can it do? Gather information via side channels Perform DoS
18
Task 4.1: Gathering information
Measure latency of cache loads Use that to determine Co-residence Traffic rates Keystroke timing
19
Credits Slides based on work of Ragib Hasan Johns Hopkins University
20
Mitigation strategies #1: Mapping
Use a randomized scheme to allocate IP addresses Block some tools (nmap, traceroute)
21
Mitigation strategies #2: Co-residence checks
Prevent traceroute (i.e., prevent identification of dom0)
22
Mitigation strategies #3: Co-location
Not allow co-residence at all Beneficial for cloud user Not efficient for cloud provider
23
Mitigation strategies #4: Information leakage
Prevent cache load attacks?
24
Discussion How is the problem different from other attacks?
What’s so special about clouds?
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.