A comprehensive study of co-residence threat in multi-tenant public PaaS clouds

Weijuan Zhang, Xiaoqi Jia, Chang Wang, Shengzhi Zhang, Qingjia Huang, Mingsheng Wang, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

Public Platform-as-a-Service (PaaS) clouds are always multi-tenant. Applications from different tenants may reside on the same physical machine, which introduces the risk of sharing physical resources with a potentially malicious application. This gives the malicious application the chance to extract secret information of other tenants via side channels. Though large numbers of researchers focus on information extraction, there are few studies on the co-residence threat in public clouds, especially PaaS clouds. In this paper, we studied the co-residence threat of public PaaS clouds in detail. Firstly, we investigate the characteristics of different PaaS clouds and implement a memory-bus-based covert-channel detection method that works for various PaaS cloud platforms. Secondly, we study three popular PaaS clouds, Amazon Elastic Beanstalk, IBM Bluemix and OpenShift, to identify the co-residence threat in their placement policies. We evaluate several placement variables (e.g., application type, number of instances, time launched, data center region, etc.) to study their influence on achieving co-residence. The results show that all three PaaS clouds are vulnerable to the co-residence threat and that the application type plays an important role in achieving co-residence on container-based PaaS clouds. Finally, we present an efficient launch strategy to achieve co-residence with the victim on public PaaS clouds.

Original language: English (US)
Title of host publication: Information and Communications Security - 18th International Conference, ICICS 2016, Proceedings
Editors: Kwok-Yan Lam, Sihan Qing, Chi-Hung Chi
Publisher: Springer Verlag
Pages: 361-375
Number of pages: 15
ISBN (Print): 9783319500102
DOI: https://doi.org/10.1007/978-3-319-50011-9_28
State: Published - Jan 1 2016
Event: 18th International Conference on Information and Communications Security, ICICS 2016 - Singapore, Singapore
Duration: Nov 29 2016 to Dec 2 2016

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9977 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 18th International Conference on Information and Communications Security, ICICS 2016
Country: Singapore
City: Singapore
Period: 11/29/16 to 12/2/16

Fingerprint

Placement
Containers
Covert Channel
Data storage equipment
Data Center
Information Extraction
Container
Sharing
Resources
Evaluate
Strategy
Policy
Influence

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Zhang, W., Jia, X., Wang, C., Zhang, S., Huang, Q., Wang, M., & Liu, P. (2016). A comprehensive study of co-residence threat in multi-tenant public PaaS clouds. In K-Y. Lam, S. Qing, & C-H. Chi (Eds.), Information and Communications Security - 18th International Conference, ICICS 2016, Proceedings (pp. 361-375). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9977 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-50011-9_28
@inproceedings{baf1e02db91d408ea6996855c87dc179,
title = "A comprehensive study of co-residence threat in multi-tenant public PaaS clouds",
author = "Weijuan Zhang and Xiaoqi Jia and Chang Wang and Shengzhi Zhang and Qingjia Huang and Mingsheng Wang and Peng Liu",
year = "2016",
month = "1",
day = "1",
doi = "10.1007/978-3-319-50011-9_28",
language = "English (US)",
isbn = "9783319500102",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "361--375",
editor = "Kwok-Yan Lam and Sihan Qing and Chi-Hung Chi",
booktitle = "Information and Communications Security - 18th International Conference, ICICS 2016, Proceedings",
address = "Germany",

}

TY - GEN

T1 - A comprehensive study of co-residence threat in multi-tenant public PaaS clouds

AU - Zhang, Weijuan

AU - Jia, Xiaoqi

AU - Wang, Chang

AU - Zhang, Shengzhi

AU - Huang, Qingjia

AU - Wang, Mingsheng

AU - Liu, Peng

PY - 2016/1/1

Y1 - 2016/1/1

UR - http://www.scopus.com/inward/record.url?scp=85006007435&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85006007435&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-50011-9_28

DO - 10.1007/978-3-319-50011-9_28

M3 - Conference contribution

AN - SCOPUS:85006007435

SN - 9783319500102

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 361

EP - 375

BT - Information and Communications Security - 18th International Conference, ICICS 2016, Proceedings

A2 - Lam, Kwok-Yan

A2 - Qing, Sihan

A2 - Chi, Chi-Hung

PB - Springer Verlag

ER -
