Cloudoscopy: services discovery and topology mapping

We define and study cloudoscopy, i.e., exposing sensitive information about the location of (victim) cloud services and/or about the internal organisation of the cloud network, in spite of location-hiding efforts by cloud providers. A typical cloudoscopy attack is composed of a number of steps: first expose the internal IP address of a victim instance, then measure its hop-count distance from adversarial cloud instances, and finally test to find a specific instance which is close enough to the victim (e.g., co-resident) to allow (denial-of-service or side-channel) attacks. We refer to the three steps/modules involved in such a cloudoscopy attack by the terms IP address deanonymisation, hop-count measuring, and co-residence testing. We present specific methods for these three cloudoscopy modules, and report on the results of our experimental validation on popular cloud platform providers. Our techniques can be used for attacking (victim) servers, as well as for benign goals, e.g., optimisation of instance placement and communication, or comparing clouds and validating cloud-provider placement guarantees.
