Swiper: Exploiting virtual machine vulnerability in third-party clouds with competition for I/O resources

Ron C. Chiang, Sundaresan Rajasekaran, Nan Zhang, H. Howie Huang

Research output: Contribution to journalArticlepeer-review

13 Scopus citations

Abstract

The emerging paradigm of cloud computing, e.g., Amazon Elastic Compute Cloud (EC2), promises a highly flexible yet robust environment for large-scale applications. Ideally, while multiple virtual machines (VM) share the same physical resources (e.g., CPUs, caches, DRAM, and I/O devices), each application should be allocated to an independently managed VM and isolated from one another. Unfortunately, the absence of physical isolation inevitably opens doors to a number of security threats. In this paper, we demonstrate in EC2 a new type of security vulnerability caused by competition between virtual I/O workloads - i.e., by leveraging the competition for shared resources, an adversary could intentionally slow down the execution of a targeted application in a VM that shares the same hardware. In particular, we focus on I/O resources such as hard-drive throughput and/or network bandwidth - which are critical for data-intensive applications. We design and implement Swiper, a framework which uses a carefully designed workload to incur significant delays on the targeted application and VM with minimum cost (i.e., resource consumption). We conduct a comprehensive set of experiments in EC2, which clearly demonstrates that Swiper is capable of significantly slowing down various server applications while consuming a small amount of resources.

Original languageEnglish (US)
Article number6824231
Pages (from-to)1732-1742
Number of pages11
JournalIEEE Transactions on Parallel and Distributed Systems
Volume26
Issue number6
DOIs
StatePublished - Jun 1 2015

All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Hardware and Architecture
  • Computational Theory and Mathematics

Fingerprint Dive into the research topics of 'Swiper: Exploiting virtual machine vulnerability in third-party clouds with competition for I/O resources'. Together they form a unique fingerprint.

Cite this