Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds - PowerPoint PPT Presentation

Loading...

PPT – Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds PowerPoint presentation | free to download - id: 6d1efa-YzNkO



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds

Description:

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Authors: Thomas Ristenpart, et at. Defended by Vaibhav Rastogi and Yi Yang – PowerPoint PPT presentation

Number of Views:63
Avg rating:3.0/5.0
Slides: 25
Provided by: Goog66
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds


1
Hey, You, Get Off of My CloudExploring
Information Leakage in Third-Party Compute Clouds
  • Authors Thomas Ristenpart, et at.
  • Defended by Vaibhav Rastogi and Yi Yang

2
Introduction
  • Introduction
  • EC2 Service, Network Probing
  • Attacking Steps
  • Cloud Cartography
  • Placement
  • Extraction
  • Discussion

3
Traditional system security mostly means keeping
bad guys out. The attacker needs to either
compromise the auth/access control system, or
impersonate existing users
4
But clouds allow co-tenancy Multiple
independent users share the same physical
infrastructure So, an attacker can legitimately
be in the same physical machine as the target.
5
How to find out where the target is located How
to be co-located with the target in the same
(physical) machine How to gather information
about the target
6
Exploring Information Leakage in Third-Party
Compute Clouds
  • First work on cloud cartography
  • Attack launched against commercially available
    real cloud (Amazon EC2)
  • Up to 40 success in co-residence with target VM

7
  • Cloud infrastructure provider is trustworthy
  • Cloud insiders are trustworthy
  • Attacker is a malicious third party who can
    legitimately the cloud provider as a client
  • Threat An attackers instances can run on the
    same physical hardware as potential victims.
    Therefore, the attacker might manipulate shared
    physical resources (eg. CPU caches, network
    queues, etc) to learn otherwise confidential
    information.

8
Attack Tasks 
  • Map the cloud infrastructure to find where the
    target is located
  • Use various heuristics to determine co-residency
    of two VMs
  • Launch probe VMs trying to be co-resident with
    target VMs
  • Exploit cross-VM leakage to gather information
    about target

9
The EC2 Service
  • The EC2 service enables users to flexibly rent
    computational resources for use by their
    applications.
  • A privileged virtual machine, called Domain0, is
    configured to route packets for its guest images
    and reports itself as a hop in traceroutes.
  • 2 Regions, 3 Availability zones, 5 instance
    types.
  • Each instance has one internal IP and one
    external IP. Both are static. For example
  • External IP 75.101.210.100
  • Internal IP 10.252.146.52

Figures from Xen Wiki
10
Network Probing
  • Nmap, hping, wget for network probing
  • Nmap is a security scanner used to discover hosts
    and services on a computer network, thus creating
    a "map" of the network.
  • hping is a packet generator and analyzer for the
    TCP/IP protocol.
  • Wget is a computer program that retrieves content
    from web servers.

By using such tools, we can understand VM
placement in the EC2 system and provide evidence
of co-residence.
11
  • Finding Different availability zones correspond
    to different internal IP address ranges

12
Finding same instance type within the same
zone similar IP regions
13
Task 2 Determining co-residence
  • Check to determine if a given VM is placed in the
    same physical machine as another VM
  • Instances are likely co-resident if they have
  • (1) matching Dom0 IP address,
  • (2) small packet round-trip times, or
  • (3) numerically close internal IP addresses
    (e.g. within 7).

14
Task 3 Making a probe VM co-resident with
target VM
  • Brute force scheme
  • Idea figure out targets availability zone and
    type
  • Launch many probe instances in the same area
  • Success rate 8.4, but on large target set

15
Task 3 Making a probe VM co-resident with
target VM
  • Smarter strategy utilize locality
  • Idea VM instances launched right after target
    are likely to be co-resident with the target
  • Success rate 40!

16
Task 3 Making a probe VM co-resident with
target VM
Window of opportunity is quite large, measured in
days
17
Task 4 Gather leaked information
  • Now that the VM is co-resident with target, what
    can it do?
  • Gather information via side channels
  • Perform DoS

18
Task 4.1 Gathering information
  • Measure latency of cache loads
  • Use that to determine
  • Co-residence
  • Traffic rates
  • Keystroke timing

19
Credits
  • Slides based on work of

Ragib Hasan Johns Hopkins University
20
Mitigation strategies 1 Mapping
  • Use a randomized scheme to allocate IP addresses
  • Block some tools (nmap, traceroute)

21
Mitigation strategies 2 Co-residence checks
  • Prevent traceroute (i.e., prevent identification
    of dom0)

22
Mitigation strategies 3 Co-location
  • Not allow co-residence at all
  • Beneficial for cloud user
  • Not efficient for cloud provider

23
Mitigation strategies 4 Information leakage
  • Prevent cache load attacks?

24
Discussion
  • How is the problem different from other attacks?
  • Whats so special about clouds?
About PowerShow.com