Sibling virtual machine co-location confirmation and avoidance tactics for Public Infrastructure Clouds

Infrastructure Clouds offer large-scale resources for rent, which are typically shared with other users unless you are willing to pay a premium for single tenancy (if available). There is no guarantee that your instances will run on separate hosts, and co-location of your instances on the same host can cause a range of issues, including mutual performance degradation, exposure to underlying host failures, and increased threat surface area for host compromise. Determining when your instances are co-located is therefore useful, as a user can then implement policies for host separation. Co-location methods to date have typically focused on identifying co-location with another user’s instance, as this is a prerequisite for targeted attacks on the Cloud. However, as providers update their environments, these methods either no longer work or have yet to be proven on the Public Cloud. Further, they are not suited to the task of simply and quickly detecting co-location amongst a large number of instances. We propose a method suitable for Xen-based Clouds which addresses this problem and demonstrate it on EC2, the largest Public Cloud Infrastructure.
