Disk storage isolation and verification in cloud

Multi-tenancy in the cloud maximizes the utility of computation and storage resources by multiplexing the underlying hardware infrastructure among cloud customers; however, it also introduces significant security issues, such as information leakage between two virtual machines (VMs), even if an access control policy (e.g., the Chinese Wall security policy) has been deployed in the cloud. Physical resource isolation between VMs is an effective mechanism for removing covert channels in the cloud and preventing information leakage; however, due to economic concerns or negligence, some cheap-and-lazy cloud providers are not motivated to enforce the physical resource isolation they promised. In this paper, we first develop a mechanism to check the co-residency of two files on local hard disk(s) by measuring the file access time, and then extend our mechanism to check data storage co-residency on Amazon S3 cloud storage.
