Malicious co-residency on the cloud: Attacks and defense

Ahmed Osama Fathy Atya, Zhiyun Qian, Srikanth V. Krishnamurthy, Thomas F. La Porta, Patrick Drew McDaniel, Lisa Marvel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

Attacker VMs try to co-reside with victim VMs on the same physical infrastructure as a precursor to launching attacks that target information leakage. VM migration is an effective countermeasure against attempts at malicious co-residency. In this paper, we first undertake an experimental study on Amazon EC2 to obtain an in-depth understanding of the side-channels an attacker can use to ascertain co-residency with a victim. Here, we identify a new set of stealthy side-channel attacks which we show to be more effective than currently available attacks towards verifying co-residency. Based on the study, we develop a set of guidelines to determine under what conditions victim VM migrations should be triggered given performance costs, in terms of bandwidth and downtime, that a user is willing to bear. Via extensive experiments on our private in-house cloud, we show that migrations using our guidelines can limit the fraction of the time that an attacker VM co-resides with a victim VM to about 1% of the time with bandwidth costs of a few MB and downtimes of a few seconds, per day per VM migrated.

Original language: English (US)
Title of host publication: INFOCOM 2017 - IEEE Conference on Computer Communications
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781509053360
DOIs: https://doi.org/10.1109/INFOCOM.2017.8056951
State: Published - Oct 2 2017
Event: 2017 IEEE Conference on Computer Communications, INFOCOM 2017 - Atlanta, United States
Duration: May 1 2017 to May 4 2017

Publication series

Name: Proceedings - IEEE INFOCOM
ISSN (Print): 0743-166X

Other

Other: 2017 IEEE Conference on Computer Communications, INFOCOM 2017
Country: United States
City: Atlanta
Period: 5/1/17 to 5/4/17

Fingerprint

Bandwidth
Launching
Costs
Experiments
Side channel attack

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Electrical and Electronic Engineering

Cite this

Atya, A. O. F., Qian, Z., Krishnamurthy, S. V., La Porta, T. F., McDaniel, P. D., & Marvel, L. (2017). Malicious co-residency on the cloud: Attacks and defense. In INFOCOM 2017 - IEEE Conference on Computer Communications [8056951] (Proceedings - IEEE INFOCOM). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/INFOCOM.2017.8056951
@inproceedings{a93a23de6caf46cea155a999b321a292,
title = "Malicious co-residency on the cloud: Attacks and defense",
author = "Atya, {Ahmed Osama Fathy} and Zhiyun Qian and Krishnamurthy, {Srikanth V.} and {La Porta}, {Thomas F.} and McDaniel, {Patrick Drew} and Lisa Marvel",
year = "2017",
month = "10",
day = "2",
doi = "10.1109/INFOCOM.2017.8056951",
language = "English (US)",
series = "Proceedings - IEEE INFOCOM",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
booktitle = "INFOCOM 2017 - IEEE Conference on Computer Communications",
address = "United States",

}

TY - GEN

T1 - Malicious co-residency on the cloud

T2 - Attacks and defense

AU - Atya, Ahmed Osama Fathy

AU - Qian, Zhiyun

AU - Krishnamurthy, Srikanth V.

AU - La Porta, Thomas F.

AU - McDaniel, Patrick Drew

AU - Marvel, Lisa

PY - 2017/10/2

Y1 - 2017/10/2

UR - http://www.scopus.com/inward/record.url?scp=85034090019&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85034090019&partnerID=8YFLogxK

U2 - 10.1109/INFOCOM.2017.8056951

DO - 10.1109/INFOCOM.2017.8056951

M3 - Conference contribution

AN - SCOPUS:85034090019

T3 - Proceedings - IEEE INFOCOM

BT - INFOCOM 2017 - IEEE Conference on Computer Communications

PB - Institute of Electrical and Electronics Engineers Inc.

ER -
