Catch Me if You Can: A Closer Look at Malicious Co-Residency on the Cloud

Ahmed Osama Fathy Atya, Zhiyun Qian, Srikanth V. Krishnamurthy, Thomas F. La Porta, Patrick Drew McDaniel, Lisa M. Marvel

Research output: Contribution to journalArticle

Abstract

VM migration is an effective countermeasure against attempts at malicious co-residency. In this paper, our overarching objectives are: (a) to get an in-depth understanding of the ways and effectiveness with which an attacker can launch attacks toward achieving co-residency and (b) to design migration policies that are very effective in thwarting malicious co-residency, but are thrifty in terms of the bandwidth and downtime costs that are incurred with live migration. Toward achieving our goals, we first undertake an experimental study on Amazon EC2 to obtain an in-depth understanding of the side-channels, through which an attacker can use to ascertain co-residency with a victim. Here, in this paper, we identify a new set of stealthy side-channel attacks which we show to be more effective than the currently available attacks toward verifying co-residency. We also build a simple model that can be used for estimating co-residency times based on very few measurements on a given cloud platform, to account for varying attacker capabilities. Based on the study, we develop a set of guidelines to determine under what conditions the victim VM migrations should be triggered, given the performance costs in terms of bandwidth and downtime, which a user is willing to bear. Through extensive experiments on our private in-house cloud, we show that the migrations, using our guidelines, can limit the fraction of the time that an attacker VM co-resides with a victim VM to about 1% of the time with the bandwidth costs of a few MB and downtimes of a few seconds per day per VM migrated.

Original languageEnglish (US)
Article number8648158
Pages (from-to)560-576
Number of pages17
JournalIEEE/ACM Transactions on Networking
Volume27
Issue number2
DOIs
StatePublished - Apr 1 2019

Fingerprint

Bandwidth
Costs
Experiments
Side channel attack

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Science Applications
  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

Atya, Ahmed Osama Fathy ; Qian, Zhiyun ; Krishnamurthy, Srikanth V. ; La Porta, Thomas F. ; McDaniel, Patrick Drew ; Marvel, Lisa M. / Catch Me if You Can : A Closer Look at Malicious Co-Residency on the Cloud. In: IEEE/ACM Transactions on Networking. 2019 ; Vol. 27, No. 2. pp. 560-576.
@article{933096f1200b438383197019f673d75f,
title = "Catch Me if You Can: A Closer Look at Malicious Co-Residency on the Cloud",
abstract = "VM migration is an effective countermeasure against attempts at malicious co-residency. In this paper, our overarching objectives are: (a) to get an in-depth understanding of the ways and effectiveness with which an attacker can launch attacks toward achieving co-residency and (b) to design migration policies that are very effective in thwarting malicious co-residency, but are thrifty in terms of the bandwidth and downtime costs that are incurred with live migration. Toward achieving our goals, we first undertake an experimental study on Amazon EC2 to obtain an in-depth understanding of the side-channels, through which an attacker can use to ascertain co-residency with a victim. Here, in this paper, we identify a new set of stealthy side-channel attacks which we show to be more effective than the currently available attacks toward verifying co-residency. We also build a simple model that can be used for estimating co-residency times based on very few measurements on a given cloud platform, to account for varying attacker capabilities. Based on the study, we develop a set of guidelines to determine under what conditions the victim VM migrations should be triggered, given the performance costs in terms of bandwidth and downtime, which a user is willing to bear. Through extensive experiments on our private in-house cloud, we show that the migrations, using our guidelines, can limit the fraction of the time that an attacker VM co-resides with a victim VM to about 1{\%} of the time with the bandwidth costs of a few MB and downtimes of a few seconds per day per VM migrated.",
author = "Atya, {Ahmed Osama Fathy} and Zhiyun Qian and Krishnamurthy, {Srikanth V.} and {La Porta}, {Thomas F.} and McDaniel, {Patrick Drew} and Marvel, {Lisa M.}",
year = "2019",
month = "4",
day = "1",
doi = "10.1109/TNET.2019.2891528",
language = "English (US)",
volume = "27",
pages = "560--576",
journal = "IEEE/ACM Transactions on Networking",
issn = "1063-6692",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "2",

}

Catch Me if You Can : A Closer Look at Malicious Co-Residency on the Cloud. / Atya, Ahmed Osama Fathy; Qian, Zhiyun; Krishnamurthy, Srikanth V.; La Porta, Thomas F.; McDaniel, Patrick Drew; Marvel, Lisa M.

In: IEEE/ACM Transactions on Networking, Vol. 27, No. 2, 8648158, 01.04.2019, p. 560-576.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Catch Me if You Can

T2 - A Closer Look at Malicious Co-Residency on the Cloud

AU - Atya, Ahmed Osama Fathy

AU - Qian, Zhiyun

AU - Krishnamurthy, Srikanth V.

AU - La Porta, Thomas F.

AU - McDaniel, Patrick Drew

AU - Marvel, Lisa M.

PY - 2019/4/1

Y1 - 2019/4/1

N2 - VM migration is an effective countermeasure against attempts at malicious co-residency. In this paper, our overarching objectives are: (a) to get an in-depth understanding of the ways and effectiveness with which an attacker can launch attacks toward achieving co-residency and (b) to design migration policies that are very effective in thwarting malicious co-residency, but are thrifty in terms of the bandwidth and downtime costs that are incurred with live migration. Toward achieving our goals, we first undertake an experimental study on Amazon EC2 to obtain an in-depth understanding of the side-channels, through which an attacker can use to ascertain co-residency with a victim. Here, in this paper, we identify a new set of stealthy side-channel attacks which we show to be more effective than the currently available attacks toward verifying co-residency. We also build a simple model that can be used for estimating co-residency times based on very few measurements on a given cloud platform, to account for varying attacker capabilities. Based on the study, we develop a set of guidelines to determine under what conditions the victim VM migrations should be triggered, given the performance costs in terms of bandwidth and downtime, which a user is willing to bear. Through extensive experiments on our private in-house cloud, we show that the migrations, using our guidelines, can limit the fraction of the time that an attacker VM co-resides with a victim VM to about 1% of the time with the bandwidth costs of a few MB and downtimes of a few seconds per day per VM migrated.

AB - VM migration is an effective countermeasure against attempts at malicious co-residency. In this paper, our overarching objectives are: (a) to get an in-depth understanding of the ways and effectiveness with which an attacker can launch attacks toward achieving co-residency and (b) to design migration policies that are very effective in thwarting malicious co-residency, but are thrifty in terms of the bandwidth and downtime costs that are incurred with live migration. Toward achieving our goals, we first undertake an experimental study on Amazon EC2 to obtain an in-depth understanding of the side-channels, through which an attacker can use to ascertain co-residency with a victim. Here, in this paper, we identify a new set of stealthy side-channel attacks which we show to be more effective than the currently available attacks toward verifying co-residency. We also build a simple model that can be used for estimating co-residency times based on very few measurements on a given cloud platform, to account for varying attacker capabilities. Based on the study, we develop a set of guidelines to determine under what conditions the victim VM migrations should be triggered, given the performance costs in terms of bandwidth and downtime, which a user is willing to bear. Through extensive experiments on our private in-house cloud, we show that the migrations, using our guidelines, can limit the fraction of the time that an attacker VM co-resides with a victim VM to about 1% of the time with the bandwidth costs of a few MB and downtimes of a few seconds per day per VM migrated.

UR - http://www.scopus.com/inward/record.url?scp=85061969399&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85061969399&partnerID=8YFLogxK

U2 - 10.1109/TNET.2019.2891528

DO - 10.1109/TNET.2019.2891528

M3 - Article

AN - SCOPUS:85061969399

VL - 27

SP - 560

EP - 576

JO - IEEE/ACM Transactions on Networking

JF - IEEE/ACM Transactions on Networking

SN - 1063-6692

IS - 2

M1 - 8648158

ER -