
A Replication Study to Explore Network-Based Co-residency of Virtual Machines in the Cloud

  • Sanchay Gupta
  • Robert Miceli
  • Joel Coffman
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12403)

Abstract

By deploying virtual machines (VMs) on shared infrastructure in the cloud, users gain flexibility, increase scalability, and decrease their operational costs compared to on-premise infrastructure. However, a cloud environment introduces new vulnerabilities, particularly from untrusted users sharing the same physical hardware. In 2009, Ristenpart et al. demonstrated that an attacker could place a VM on the same physical hardware and extract confidential information from a target using a side-channel attack. We replicated this seminal work on cloud cartography and network-based co-residency tests on Amazon Web Services (AWS) and OpenStack cloud infrastructures. Although the Elastic Compute Cloud (EC2) cloud cartography remains similar to prior work, current mitigations deter the network-based co-residency tests. OpenStack’s cloud cartography differs from EC2’s, and we found that OpenStack was vulnerable to one network-based co-residency test. Our results indicate that co-residency threats remain a concern more than a decade after their initial description.

References

  1. Smith, J.E., Nair, R.: The architecture of virtual machines. Computer 38(5), 32–38 (2005)
  2. Kotsovinos, E.: Virtualization: blessing or curse? Commun. ACM 54(1), 61–65 (2011)
  3. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security. CCS ’09, New York, NY, USA, pp. 199–212. ACM (2009)
  4. Vaquero, L.M., Rodero-Merino, L., Morán, D.: Locking the sky: a survey on IaaS cloud security. Computing 91(1), 93–118 (2011)
  5. Hashizume, K., Rosado, D.G., Fernández-Medina, E., Fernandez, E.B.: An analysis of security issues for cloud computing. J. Internet Serv. Appl. 4(1), 25 (2013)
  6. Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security. CCS 2012, New York, NY, USA, pp. 305–316. ACM (2012)
  7. Irazoqui, G., Eisenbarth, T., Sunar, B.: Cross processor cache attacks. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS 2016, Xi’an, China, pp. 353–364. ACM Press (2016)
  8. Xu, Z., Wang, H., Wu, Z.: A measurement study on co-residence threat inside the cloud. In: 24th USENIX Security Symposium. USENIX Security 2015, Washington, D.C., USENIX Association, pp. 929–944 (August 2015)
  9. Varadarajan, V., Zhang, Y., Ristenpart, T., Swift, M.: A placement vulnerability study in multi-tenant public clouds. In: Proceedings of the 24th USENIX Security Symposium, Washington, D.C., USENIX Association, pp. 913–928 (August 2015)
  10. Zhang, T., Zhang, Y., Lee, R.B.: Memory DoS Attacks in Multi-tenant Clouds: Severity and Mitigation. arXiv:1603.03404 [cs] (March 2016)
  11. Duplyakin, D., et al.: The Design and Operation of CloudLab. In: Proceedings of the USENIX Annual Technical Conference. ATC 2019, pp. 1–14 (July 2019)

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Engineering for Professionals, Johns Hopkins University, Baltimore, USA
  2. Department of Computer and Cyber Sciences, United States Air Force Academy, Air Force Academy, USA
