Sift - An Efficient Method for Co-residency Detection on Amazon EC2

Kang Chen, Qingni Shen, Cong Li, Yang Luo, Yahui Yang, Zhonghai Wu

2016

Abstract

Cloud computing, an emerging computing and service paradigm, where the computing and storage capabilities are outsourced on demand, offers the advanced capabilities of sharing and multi-tenancy. But security has been a major barrier for its adoption to enterprise, as being placed with other tenants on the same physical machine (i.e. co-residency or co-location) poses a particular risk. Former research has shown how side channels in shared hardware may enable attackers to exfiltrate sensitive data across virtual machines (VMs). In view of such risks, tenants need to be able to verify physical isolation of their VMs. This paper presents Sift, an efficient and reliable approach for co-residency detection. Through a pre-filtration procedure, the time for co-residency detection could be significantly reduced. We describe the cloud scenarios envisaged for use of Sift and the accompanying threat model. A preliminary validation of Sift has been carried out in a local lab Xen virtualization experimental platform. Then, using the Amazon’s Elastic Compute Cloud (EC2) as the test platform, we evaluate its practicability in production cloud environment. It appears that Sift can confirm co-residency with a target VM instance in less than 5 seconds with an extremely low false rate.

References

  1. Bijon, K., Krishnan, R., & Sandhu, R. (2015, June). Mitigating Multi-Tenancy Risks in IaaS Cloud Through Constraints-Driven Virtual Resource Scheduling. In Proceedings of the 20th ACM Symposium on Access Control Models and Technologies (pp. 63-74). ACM.
  2. Bates, A., Mood, B., Pletcher, J., Pruse, H., Valafar, M., & Butler, K. (2012, October). Detecting co-residency with active traffic analysis techniques. In Proceedings of the 2012 ACM Workshop on Cloud computing security workshop (pp. 1-12). ACM.
  3. Godfrey, M., & Zulkernine, M. (2014). Preventing CacheBased Side-Channel Attacks in a Cloud Environment. Cloud Computing, IEEE Transactions on, 2(4), 395- 408.
  4. Godfrey, M., & Zulkernine, M. (2013, June). A serverside solution to cache-based side-channel attacks in the cloud. In Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on (pp. 163-170). IEEE.
  5. Han, Y., Chan, J., Alpcan, T., & Leckie, C. (2014, June). Virtual machine allocation policies against co-resident attacks in cloud computing. In Communications (ICC), 2014 IEEE International Conference on (pp. 786-792). IEEE.
  6. Hund, R., Willems, C., & Holz, T. (2013, May). Practical timing side channel attacks against kernel space ASLR. In Security and Privacy (SP), 2013 IEEE Symposium on (pp. 191-205). IEEE.
  7. Ristenpart, T., Tromer, E., Shacham, H., & Savage, S. (2009, November). Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM conference on Computer and communications security (pp. 199- 212). ACM.
  8. Raj, H., Nathuji, R., Singh, A., & England, P. (2009, November). Resource management for isolation enhanced cloud services. In Proceedings of the 2009 ACM workshop on Cloud computing security (pp. 77- 84). ACM.
  9. Shen, Q., Wan, M., Zhang, Z., Zhang, Z., Qing, S., & Wu, Z. (2013). A covert channel using event channel state on xen hypervisor. In Information and Communications Security (pp. 125-134). Springer International Publishing.
  10. Varadarajan, V., Zhang, Y., Ristenpart, T., & Swift, M. (2015, August). A placement vulnerability study in multi-tenant public clouds. In 24th USENIX Security Symposium (USENIX Security 15)(Washington, DC (pp. 913-928).
  11. Varadarajan, V., Kooburat, T., Farley, B., Ristenpart, T., & Swift, M. M. (2012, October). Resource-freeing attacks: improve your cloud performance (at your neighbor's expense). In Proceedings of the 2012 ACM conference on Computer and communications security (pp. 281-292). ACM.
  12. Wu, Z., Xu, Z., & Wang, H. (2012, August). Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud. In USENIX Security symposium (pp. 159-173).
  13. Xu, Y., Bailey, M., Jahanian, F., Joshi, K., Hiltunen, M., & Schlichting, R. (2011, October). An exploration of L2 cache covert channels in virtualized environments. In Proceedings of the 3rd ACM workshop on Cloud computing security workshop (pp. 29-40). ACM.
  14. Yarom, Y., & Falkner, K. E. (2013). Flush+ Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack. IACR Cryptology ePrint Archive, 2013, 448.
  15. Zhang, Y., Juels, A., Oprea, A., & Reiter, M. K. (2011, May). Homealone: Co-residency detection in the cloud via side-channel analysis. In Security and Privacy (SP), 2011 IEEE Symposium on (pp. 313-328). IEEE.
  16. Zhang, Y., Juels, A., Reiter, M. K., & Ristenpart, T. (2012, October). Cross-VM side channels and their use to extract private keys. In Proceedings of the 2012 ACM conference on Computer and communications security (pp. 305-316). ACM.
  17. Zhang, Y., Juels, A., Reiter, M. K., & Ristenpart, T. (2014, November). Cross-tenant side-channel attacks in paas clouds. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (pp. 990-1003). ACM.
  18. Zhou, F., Goel, M., Desnoyers, P., & Sundaram, R. (2011). Scheduler vulnerabilities and attacks in cloud computing. arXiv preprint arXiv:1103.0759.
Download


Paper Citation


in Harvard Style

Chen K., Shen Q., Li C., Luo Y., Yang Y. and Wu Z. (2016). Sift - An Efficient Method for Co-residency Detection on Amazon EC2 . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 423-431. DOI: 10.5220/0005742004230431


in Bibtex Style

@conference{icissp16,
author={Kang Chen and Qingni Shen and Cong Li and Yang Luo and Yahui Yang and Zhonghai Wu},
title={Sift - An Efficient Method for Co-residency Detection on Amazon EC2},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={423-431},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005742004230431},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Sift - An Efficient Method for Co-residency Detection on Amazon EC2
SN - 978-989-758-167-0
AU - Chen K.
AU - Shen Q.
AU - Li C.
AU - Luo Y.
AU - Yang Y.
AU - Wu Z.
PY - 2016
SP - 423
EP - 431
DO - 10.5220/0005742004230431