Detecting co-residency with active traffic analysis techniques

Bates, Adam; Mood, Benjamin; Pletcher, Joe; Pruse, Hannah; Valafar, Masoud; Butler, Kevin

doi:10.1145/2381913.2381915

Cited by 80 publications

(51 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Additionally, we assume that the cloud provider is unaffiliated with adversaries, so Flooder cannot directly request co-residency with Victim. However, researchers have demonstrated indirect achievement of co-residency with specific victims on commercial clouds [1,4,7]. Therefore, we presume here that co-residency is achievable and build from there.…”

Section: Environmentsmentioning

confidence: 83%

“…Using UDP instead of TCP to flood Victim promises improvements due to UDP's statelessness, allowing increased control over packet timing and size. Additionally, having a malicious client connect directly to Victim, as done in [1], would help to control for environmental fluctuation in Flooder's client's throughput. To work around provider rate limits, a promising avenue of research includes micro-bursts, flooding for brief periods of time, as well as using multiple Flooders working together.…”

Section: Counter-measures and Future Visionmentioning

confidence: 99%

“…By contrast, previous work was conducted on local testbeds and furthermore required a malicious client to remain connected to Victim on the order of seconds to reliably measure throughput [1]. This limited potential targets to web or media servers that offered large downloads publicly.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Moving in Next Door: Network Flooding as a Side Channel in Cloud Environments

Agarwal

Murale

Hennessey

et al. 2016

Cryptology and Network Security

View full text Add to dashboard Cite

Abstract. Co-locating multiple tenants' virtual machines (VMs) on the same host underpins public clouds' affordability, but sharing physical hardware also exposes consumer VMs to side channel attacks from adversarial co-residents. We demonstrate passive bandwidth measurement to perform traffic analysis attacks on co-located VMs. Our attacks do not assume a privileged position in the network or require any communication between adversarial and victim VMs. Using a single feature in the observed bandwidth data, our algorithm can identify which of 3 potential YouTube videos a co-resident VM streamed with 66% accuracy. We discuss defense from both a cloud provider's and a consumer's perspective, showing that effective defense is difficult to achieve without costly under-utilization on the part of the cloud provider or over-utilization on the part of the consumer.

show abstract

Section: Environmentsmentioning

confidence: 83%

Section: Counter-measures and Future Visionmentioning

confidence: 99%

See 1 more Smart Citation

Moving in Next Door: Network Flooding as a Side Channel in Cloud Environments

Agarwal

Murale

Hennessey

et al. 2016

Cryptology and Network Security

View full text Add to dashboard Cite

show abstract

“…Bates et al [11] proposed a system where adversarial VMs introduce traffic congestion in host NICs, which is then detected by remote clients. Similarly, Zhang et al [6] designed HomeAlone, a system that detects VM placement by issuing side-channels in the L2 cache during periods of low traffic.…”

Section: Related Workmentioning

confidence: 99%

Previously-Selected-Server-First based Scalable VM Placement Algorithm for Mitigating Side Channel Attacks in Cloud Computing

G¹,

Rao²,

Murthy³

2018

IJWMT

View full text Add to dashboard Cite

Pertaining to the rapid usage of cloud computing, cloud based approaches are growing as an fascinating domain for numerous malignant tasks. Security is one of the vital issues faced by the cloud computing environment while sharing resources over the internet. Consumers are facing distinct security hazards while using cloud computing platform. Previous works mainly attempted to mitigate the side channels attacks by altering the infrastructure and the internal procedures of the cloud stack. However, the deployments of these alterations are not so easy and could not resist the attacks. In this paper, the authors attempted to solve the issues by enhancing the VM Placement policies in such a way that, it is complex for the invaders to collocate their object. A secure Dynamic VM placement approach is presented for the VM allocations into different servers in the cloud. The performance comparison of the suggested methodology is shows that the proposed approach has better efficiency evaluations such as hit rate, loss rate and resource loss when compared to other V M placement policies.

show abstract

“…There are mainly four kinds of method for co-residency detection. The first bases on the network information [3], analysis network parameters to determine whether virtual machines are co-resident or not; the second bases on I/O resource competition [8], analysis the mutation of throughput load; the third bases on Co-Residency Watermarking [9], analysis time interval distribution of received network packet which are watermarked or non-watermarked; the fourth is use of L2 Cache Home Alone [10], analysis of the use of Cache.…”

Section: Virtual Machine Co-resident Detectionmentioning

confidence: 99%

A Measurement Method of Threat for Co-Residency Detection Based On Cloud Model

Du¹,

Rao²,

Xian³

et al. 2017

dtcse

View full text Add to dashboard Cite

Abstract. Ideally, each VM should be deployed independently and isolated form one another while multiple virtual machines share the same physical resource. Unfortunately, the absence of physical isolation inevitably give opportunities to number of security threats. in this paper, A cloud modelbased method for measuring potential threat of virtual machine co-residency detection is proposed to solve the problem, which is caused by co-residency malicious VM, that malicious users steal private message and slow down others' performance. Based on the analysis of co-residency detection behavior characteristics, we utilized the method's advantage in the uncertain conversion of multi-attribute decision and the evaluation of fuzziness and randomness. The method comprehensively considers the threat attributes of co-residency detecting, and gives full play to the advantages of the cloud model, which provides an important basis for the research and application of the detection and defense of the virtual machine in the cloud environment. IntroductionAt present, cloud security is the inevitable focus when cloud business and academia talking about the development and application of cloud computing. According to the actual operation required, multiple virtual resources may be bound to the same physical resource in the mainstream of cloud computing service platform, which rent physical resource to multi tenants in the model of virtual resources [1]. Theoretically, any two virtual machine are and completely separate independent, but because of the physical dependencies between virtual machines, these virtual machines are not completely independent [5], that is physical basis condition for virtual machine coresident potential threats. Along with the development of cloud computing technology and commercial applications, public cloud resources has been low-priced, malicious users can attack coresident virtual machine or others in cloud platform in low cost. Malicious users can attack the virtual machine and application of other users through the same physical resource sharing of physical resources that result in potential security threats, destruction of data confidentiality and resource availability in the cloud platform [2]. The virtual machine with such threat as shown in Figure 1.

show abstract

Detecting co-residency with active traffic analysis techniques

Cited by 80 publications

References 33 publications

Moving in Next Door: Network Flooding as a Side Channel in Cloud Environments

Moving in Next Door: Network Flooding as a Side Channel in Cloud Environments

Previously-Selected-Server-First based Scalable VM Placement Algorithm for Mitigating Side Channel Attacks in Cloud Computing

A Measurement Method of Threat for Co-Residency Detection Based On Cloud Model

Contact Info

Product

Resources

About