Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds
- Slides: 28
“Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds” Written by: Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage. Presented by: Ibrahim Elsayed
Overview ● What is the cloud? ● New threats in cloud computing ● Research questions ● Experiment ○ Explore cloud infrastructure. ○ Determine co-residency. ○ Achieve co-residency. ○ Exploit information. ● What can we do? ● Conclusion
Cloud Computing ● What is the cloud? The new infrastructure for hosting data and deploying software and services. ● Benefits ○ Cost Savings ○ Scalability ○ Flexibility
Cloud Computing ● On-demand computing outsourcing ● Examples: ○ Amazon’s EC2 (Elastic Compute Cloud) ○ Microsoft’s Azure Service Platform ○ Rackspace’s Mosso ● New threats: ○ Trust relationship between customer and cloud provider ○ Multi-tenancy (security threat)
Multi-tenancy ● Your instance is placed on the same physical server as instances belonging to other customers
Research Motivation ● Explore the threats of multi-tenancy in cloud computing ● Provide experimental results on the impact of these threats using a real cloud service provider (Amazon EC2) as a case study
Research Questions ● Can one determine where in the cloud infrastructure an instance is located? ● Can one easily determine if two instances are co-resident on the same physical machine? ● Can an adversary launch instances that will be co-resident with other users’ instances? ● Can an adversary exploit cross-VM information leakage once co-resident?
AMAZON ELASTIC COMPUTE CLOUD - EC2 ● Scalable, pay-as-you-go compute capacity in the cloud ● Customers can run different operating systems within a virtual machine ● Different regions and availability zones
Attack ● The attack considered requires two main steps: 1. Placement: place a malicious VM on the same physical machine as the victim’s VM. 2. Extraction: extract confidential information from the victim via a side-channel attack.
Attacker ● Not affiliated with the provider (third-party user) ● Can run many instances at the same time ○ Can create multiple accounts ○ Up to 20 instances per account
Cloud Cartography ● Learn how Amazon places instances in order to carry out the attack ● Each instance is assigned an internal and an external IP address ● Review the addresses assigned to a large number of launched instances to map which address ranges correspond to which availability zones and instance types
Determining Co-Residence ● Co-resident: instances running on the same physical machine ● Network-based co-residence checks: ○ Matching Dom0 (host domain) IP address, i.e. the same first hop out of both instances ○ Small packet round-trip times ■ Send 10 probes ■ The 1st RTT is always slow, so discard it ■ Use the last 9 ○ Numerically close internal IP addresses (within 7 of each other)
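The three network checks on this slide, combined into one decision procedure and run on constructed sample measurements. This is an added example, not code from the paper or from the presentation; the `SMALL_RTT_MS` cutoff is an assumption (the slides give no number for what counts as a "small" round-trip time), and the Dom0/internal IP addresses and RTT samples are made up for illustration.

```python
"""Network-based co-residence checks (added example, not the paper's code)."""
import ipaddress
import statistics

RTT_PROBES = 10          # slide: send 10 probes per pair of instances
IP_DISTANCE_MAX = 7      # slide: internal IPs numerically within 7
# Assumed cutoff for a "small" RTT: the slides give no figure, so this
# threshold (median RTT below this many milliseconds) is an illustration only.
SMALL_RTT_MS = 0.5


def same_dom0(dom0_a, dom0_b):
    """Check 1: both instances see the same Dom0 (host) IP as their first hop."""
    return ipaddress.IPv4Address(dom0_a) == ipaddress.IPv4Address(dom0_b)


def internal_ip_distance(ip_a, ip_b):
    """Check 3 helper: numeric distance between two internal IPv4 addresses."""
    return abs(int(ipaddress.IPv4Address(ip_a)) - int(ipaddress.IPv4Address(ip_b)))


def median_rtt_ms(rtts_ms):
    """Check 2 helper: median of the last 9 of 10 RTTs; the first is always slow."""
    if len(rtts_ms) != RTT_PROBES:
        raise ValueError(f"expected {RTT_PROBES} RTT samples, got {len(rtts_ms)}")
    return statistics.median(rtts_ms[1:])


def co_residence_checks(dom0_a, dom0_b, ip_a, ip_b, rtts_ms):
    """Run the three checks; return each verdict and the combined one."""
    result = {
        "dom0_match": same_dom0(dom0_a, dom0_b),
        "small_rtt": median_rtt_ms(rtts_ms) < SMALL_RTT_MS,
        "close_ip": internal_ip_distance(ip_a, ip_b) <= IP_DISTANCE_MAX,
    }
    # All three checks must agree before calling the pair co-resident.
    result["likely_co_resident"] = all(result.values())
    return result


# Constructed sample measurements (not real EC2 data).
PAIR_A = dict(
    dom0_a="10.251.100.2", dom0_b="10.251.100.2",
    ip_a="10.251.100.37", ip_b="10.251.100.41",
    rtts_ms=[2.3, 0.24, 0.25, 0.23, 0.26, 0.24, 0.25, 0.24, 0.27, 0.25],
)
PAIR_B = dict(
    dom0_a="10.251.100.2", dom0_b="10.251.108.2",
    ip_a="10.251.100.37", ip_b="10.251.108.120",
    rtts_ms=[3.1, 1.2, 1.1, 1.3, 1.2, 1.2, 1.1, 1.4, 1.2, 1.2],
)

if __name__ == "__main__":
    for name, pair in (("pair A", PAIR_A), ("pair B", PAIR_B)):
        print(name, co_residence_checks(**pair))
```

In practice an attacker would confirm a positive verdict with a hard-disk-based covert channel between the two instances, as the paper does, since the network checks alone can be fooled by a provider that rewrites Dom0 addresses or pads RTTs.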
Achieving co-residency ● Two main techniques are presented for becoming co-resident with another user’s instance: ○ Brute force: launch many instances over a relatively long period of time. ○ Abusing placement locality: target recently launched instances.
Brute-Force Placement ● Launch many instances within a time frame ○ If a probe instance is co-resident with a target, the placement succeeded ○ Else, terminate the probe instance and try again ● Of 1,686 target victims, co-residence was achieved with 141 victim servers (8.4% coverage of targets) ● At most 20 simultaneous instances per account ● Gives a reasonable success rate when used against large target sets
Placement Locality ● Recall that one of the main features of cloud computing is to run servers only when needed. ● This means instances are often started when needed, terminated when not, and launched again later. ● The key idea is to catch the moment at which the victim turns on (relaunches) an instance.
EC2 Placement Policy ● Placement locality ○ Sequential placement locality: two instances run sequentially (one started after the other terminated) are often assigned to the same machine. ○ Parallel placement locality: two instances from distinct accounts run at roughly the same time are often assigned to the same machine.
Placement Locality ● Attack recently launched instances (temporal locality). ● Monitor a server’s state (e.g., via network probing) and launch many instances right after the victim’s instance is launched. ● Experiment ○ A single victim instance is launched ○ The attacker launches 20 instances within 5 minutes (in the same availability zone and of the same instance type) ○ Perform the co-residence check on each attacker instance
Placement Locality ● Experiments achieved a 40% coverage of targets.
Exploiting co-residence ● The CPU contains a small, fast memory cache shared by all instances on the machine. ● The attacker first reads a buffer so that it is loaded into the cache (prime); re-reading it is then served from the cache and is fast. ● If the victim accesses memory in the meantime, its data evicts the attacker’s lines from the cache, so the attacker’s next read (probe) is slower; the size of the slow-down measures how much the victim used the cache.
Exploiting co-residence ● The time-shared cache allows an attacker to measure when other instances are experiencing computational load ● Example: estimating a co-resident web server’s traffic rate from its cache usage
Exploiting co-residence ● The attacker can also deduce the memory access patterns of the victim ● Example: if the victim is performing RSA or AES decryption, the access patterns are determined by the secret key ● Prior work on a single (non-virtualized) machine (Osvik, Shamir, Tromer; see Resources) recovered a full AES secret key by cache timing in 65 milliseconds; the paper does not repeat that result across VMs on EC2
Keystroke timing attack ● Cache load measurements are used to mount a keystroke attack ● The goal is to measure the time between keystrokes made by a victim typing a password ● Report a keystroke when the probe measurement is between 3.1 μs and 9 μs (the upper threshold filters out unrelated activity) ● Inter-keystroke times, if measured accurately, can be used to recover the password
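The threshold rule on this slide applied to a stream of cache-probe measurements, turning the load readings from the "Exploiting co-residence" slides into keystroke timestamps and inter-keystroke times. This is an added example, not the paper's or the presentation's code. The 3.1 μs and 9 μs bounds are the slide's; the `COALESCE_MS` window (treating several consecutive hits as one keystroke, since probes run far faster than a person types) and the probe trace itself are constructed assumptions.

```python
"""Keystroke detection from cache-probe timings (added example, not the paper's code)."""

KEY_LOW_US = 3.1   # slide: a probe time at or above this reports a keystroke
KEY_HIGH_US = 9.0  # slide: upper threshold that filters out unrelated activity
# Assumed: hits closer together than this are one keystroke seen by several
# probes, not two keystrokes. The slides give no figure for this.
COALESCE_MS = 20.0


def classify_probe(probe_us):
    """Label one Prime+Probe measurement using the slide's thresholds."""
    if probe_us < KEY_LOW_US:
        return "idle"          # cache untouched: the attacker's reads still hit
    if probe_us <= KEY_HIGH_US:
        return "keystroke"     # modest eviction: keystroke-handling load
    return "other"             # heavy eviction: unrelated activity, ignored


def keystroke_times(samples, coalesce_ms=COALESCE_MS):
    """Timestamps (ms) of detected keystrokes from (t_ms, probe_us) samples."""
    times = []
    for t_ms, probe_us in sorted(samples):
        if classify_probe(probe_us) != "keystroke":
            continue
        if times and t_ms - times[-1] < coalesce_ms:
            continue            # same keystroke, picked up by a later probe
        times.append(t_ms)
    return times


def inter_keystroke_times(times):
    """Gaps between consecutive keystrokes: the signal a password-recovery attack uses."""
    return [round(b - a, 3) for a, b in zip(times, times[1:])]


# Constructed probe trace: (timestamp in ms, probe time in µs). Not real data.
TRACE = [
    (0, 2.4), (10, 2.5), (20, 2.3),
    (30, 5.8), (31, 4.1),            # one keystroke, seen by two consecutive probes
    (40, 2.4), (100, 2.6),
    (150, 6.2),                      # keystroke
    (160, 2.5), (200, 14.0),         # unrelated heavy activity, filtered out
    (260, 3.3),                      # keystroke, just above the lower threshold
    (270, 2.4), (300, 9.0),          # keystroke, exactly at the upper threshold
    (310, 2.5),
]

if __name__ == "__main__":
    ks = keystroke_times(TRACE)
    print("keystrokes at ms:", ks)
    print("inter-keystroke times (ms):", inter_keystroke_times(ks))
```

The fixed band is the weak point of this detector: any co-resident activity whose cache footprint happens to fall between the two thresholds is reported as a keystroke, which is why the paper's keystroke experiment used an otherwise quiet machine.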
Inhibiting Side-Channel Attacks ● Blinding techniques ○ Cache wiping, random delay insertion, adjusting the machine’s perception of time ● But are these effective? ○ Usually impractical and application-specific ○ It may not be possible to plug all side channels ● Only robust option: avoid co-residence with untrusted tenants
Research Questions - Answered ● Can one determine where in the cloud infrastructure an instance is located? - Yes. ● Can one easily determine if two instances are co-resident on the same physical machine? - Yes. ● Can an adversary launch instances that will be co-resident with other users’ instances? - Yes. ● Can an adversary exploit cross-VM information leakage once co-resident? - Sort of.
Summary ● New risks from cloud computing exposed ● Shared physical infrastructure may, and most likely will, cause problems ● Practical attack performed on a real provider ● Countermeasures discussed
Resources ● https://cse.sc.edu/~huangct/CSCE813F15/CCS09_cloudsec.pdf ● https://eprint.iacr.org/2005/271.pdf ● http://rump2009.cr.yp.to/8d9cebc9ad358331fcde611bf45f735d.pdf ● http://zoo.cs.yale.edu/classes/cs722/2011/esyta_cloud.pdf