Authors:
Gerald Palfinger
1
;
Bernd Prünster
2
and
Dominik Ziegler
3
Affiliations:
1
A-SIT Secure Information Technology Center Austria, Seidlgasse 22 / Top 9, 1030 Vienna and Austria
;
2
Institute of Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse 16a, 8010 Graz and Austria
;
3
Know Center GmbH, Inffeldgasse 13, 8010 Graz and Austria
Keyword(s):
Deduplication, Side Channel, Cloud, File System, Copy-on-Write, CoW, ZFS, Storage, Virtual Private Server, Virtual Machine.
Related
Ontology
Subjects/Areas/Topics:
Data and Application Security and Privacy
;
Information and Systems Security
;
Privacy
;
Security and Privacy in the Cloud
;
Security and Privacy in Web Services
;
Software Security
Abstract:
By exploiting a side channel created by Copy-on-Write (CoW) operations of modern file systems, we present a novel attack which allows for detecting files in a shared cloud environment across virtual machine boundaries. In particular, we measure deduplication operation timings in order to probe for existing files of neighbouring virtual machines in a shared file system pool. As a result, no assumptions about the underlying hardware and no network access are necessary. To evaluate the real-world implications, we successfully demonstrate the feasibility of our attack on the ZFS file system. Our results clearly show that the presented attack enables the detection of vulnerable software or operating systems in a victim’s virtual machine on the same file system pool with high accuracy. Furthermore, we discuss several potential countermeasures and their implications.