A comprehensive study of co-residence threat in multi-tenant public PaaS clouds

Weijuan Zhang, Xiaoqi Jia, Chang Wang, Shengzhi Zhang, Qingjia Huang, Mingsheng Wang, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Scopus citations

Abstract

Public Platform-as-a-Service (PaaS) clouds are always multitenant. Applications from different tenants may reside on the same physical machine, which introduces the risk of sharing physical resources with a potentially malicious application. This gives the malicious application the chance to extract secret information of other tenants via sidechannels. Though large numbers of researchers focus on the information extraction, there are few studies on the co-residence threat in public clouds, especially PaaS clouds. In this paper, we in detail studied the co-residence threat of public PaaS clouds. Firstly, we investigate the characteristics of different PaaS clouds and implement a memory bus based covert-channel detection method that works for various PaaS cloud platforms. Secondly, we study three popular PaaS clouds Amazon Elastic Beanstalk, IBM Bluemix and OpenShift, to identify the co-residence threat in their placement policies. We evaluate several placement variables (e.g., application type, number of the instances, time launched, data center region, etc.) to study their influence on achieving co-residence. The results show that all the three PaaS clouds are vulnerable to the co-residence threat and the application type plays an important role in achieving co-residence on container-based PaaS clouds. At last, we present an efficient launch strategy to achieve co-residence with the victim on public PaaS clouds.

Original languageEnglish (US)
Title of host publicationInformation and Communications Security - 18th International Conference, ICICS 2016, Proceedings
EditorsKwok-Yan Lam, Sihan Qing, Chi-Hung Chi
PublisherSpringer Verlag
Pages361-375
Number of pages15
ISBN (Print)9783319500102
DOIs
StatePublished - Jan 1 2016
Event18th International Conference on Information and Communications Security, ICICS 2016 - Singapore, Singapore
Duration: Nov 29 2016Dec 2 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9977 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other18th International Conference on Information and Communications Security, ICICS 2016
CountrySingapore
CitySingapore
Period11/29/1612/2/16

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'A comprehensive study of co-residence threat in multi-tenant public PaaS clouds'. Together they form a unique fingerprint.

Cite this