1 / 22

Lecture 4 : Cloud Computing Security: a first look

Lecture 4 : Cloud Computing Security: a first look. Xiaowei Yang (Duke University). Cloud Computing: the good. Elasticity O n demand scaling The illustration of infinite resources Pay-as-you go No up-front cost Pay what you need: no risk for under or over provisioning.

keita
Télécharger la présentation

Lecture 4 : Cloud Computing Security: a first look

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)

  2. Cloud Computing: the good • Elasticity • On demand scaling • The illustration of infinite resources • Pay-as-you go • No up-front cost • Pay what you need: no risk for under or over provisioning

  3. Cloud Computing: the bad • Placing your valuable code/data on a third party infrastructure • A rogue cloud admin • How do you verify what you get? • Your VMs may co-reside in the same physical machines/network as your adversaries’ • Information leaking • Denial of service attacks • More discuss in the next lecture

  4. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Thomas Ristenpart, EranTromer, HovavShacham, Stefan Savage

  5. Overview of the attack • Placement • Placing eavesdropping VMs to co-reside with targeted VMs • Extraction • Extracting confidential information via cross-VM side channels • RSA or AES secret keys

  6. Threat model • Trusted cloud provider • A requirement for using third-party resources for now • Attackers are non-provider-affiliated malicious cloud users • Victims are other cloud users that have sensitive information

  7. Case study: EC2 • Three availability zones for fault tolerance • Geography • Hardware isolation • Five types of instances • m1.small, c1.medium, m1.large, m1.xlarge, c1.xlarge •  a total of 15 combinations

  8. IP addresses of instances • An instance may have a public IP • 75.101.210.100 • A public IP corresponds to a DNS name • ec2-75-101-210-100.compute-1.amazonaws.com • Internal DNS queries return an internal IP and DNS names • 10.252.146.52 • domU-12-31-38-00-8D-C6.compute-1.internal

  9. Virtualization structure • Dom0 manages guest images, physical resource provisioning, and access control rights • EC2: Dom0 routes packets for guest images • Last hop in traceroute Guest1 Guest2 Dom0 Zen Hypervisor

  10. Network probing • External probing from outside EC2 • Internal probing from an instance inside

  11. Cloud Cartography • Hypothesis • Same availability zone shares IP prefixes • VMs on the same physical machines share IP prefixes • Evaluation • Mapping EC2 public service to internal IPs • Creating test instances

  12. Determining placement parameters • Launch instances for each of the 15 availability/instance type combination • Obtain their internal IP addresses

  13. Availability Zone

  14. Instance type and accounts • 100 instances for the same zone • From a different account • Stick to the same

  15. Derive IP address allocation rules • Heuristics to label /24 prefixes with both availability zone and instance type: • All IPs from a /16 are from the same availability zone. • A /24 inherits any included sampled instance type. If there are multiple instances with distinct types, then we label the /24 with each distinct type (i.e., it is ambiguous). • A /24 containing a Dom0 IP address only contains Dom0 IP addresses. We associate to this /24 the type of the Dom0’s associated instance • All /24’s between two consecutive Dom0 /24’s inherit the former’s associated type.

  16. A mapping of public EC2 servers

  17. Determining Co-Residence • ?

  18. Achieving Co-Residence • Bruce-force • Launching many instances • Co-residence with 141 victim servers out of 1686 targeted servers • Sets of 20 • Varied time intervals • 1785 probe instances

  19. Abusing placement locality • Timing correlation • Instance flooding • Launch many instances soon after victim servers are launched • 40% success out of 20 probes

  20. Question • How to determine when a victim instance is launched?

  21. Extraction • Many low level techniques • Cache usage • Load-based co-residence detection • Estimating traffic rates • Keystroke time attack

  22. Summary • A first look at cloud security problems • Co-residence can be harmful • Next: more case studies and overview of security problems

More Related