The Beauty or The Beast? Attacking Rate Limits of the Xen Hypervisor

Rate limits, i.e., throttling network bandwidth, are considered a means of protection and guarantee fair bandwidth distribution among virtual machines that reside on the same Xen hypervisor. In the absence of rate limits, a single virtual machine would be able to (unintentionally or maliciously) exhaust all resources and cause a denial of service for its neighbors.
