Hey You, Get Off My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. Thomas Ristenpart, Eran Tromer, Hovav Shacham and Stefan Savage. ACM CCS 2009. Presented by Shameek Bhattacharjee, Fall 2011, Oct 27th. Introduction.
Recipe for Information Leakage
- 3 availability zones.
- 5 instance types.
Different availability zones are likely to use different internal IP address ranges, and the same appears to hold for instance types.
Output: a map of the internal EC2 address space that allows estimation of the zone and instance type of a target EC2 server.
Instance types and accounts:
100 instances were launched from each of two accounts, A and B, 39 hours apart, to check that the mapping is stable across accounts and over time.
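The labeling step of the map, as an added example that is not code from the paper or these slides. The survey table, the target addresses and the two labeling rules (zone from the /16 prefix, instance type by majority vote within the /24) are constructed assumptions chosen to illustrate the idea; the paper derives its own rules from its measured data.

```c
/* Added example (not code from the paper or these slides): a minimal
 * "cloud cartography" labeler. The survey table, the target addresses and
 * the two rules (zone from the /16 prefix, instance type by majority vote
 * within the /24) are constructed assumptions for illustration. */
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { const char *ip; int zone; const char *type; } sample_t;

/* Constructed survey: internal IPs of instances we launched ourselves,
 * together with the zone and type we requested (ground truth). */
static const sample_t survey[] = {
    {"10.251.1.10",  1, "m1.small"},  /* zone 1 lives in 10.251/16 (assumed) */
    {"10.251.1.25",  1, "m1.small"},
    {"10.251.1.40",  1, "m1.small"},
    {"10.251.1.200", 1, "c1.medium"}, /* minority type inside an m1.small /24 */
    {"10.251.9.12",  1, "m1.large"},
    {"10.251.9.30",  1, "m1.large"},
    {"10.252.3.5",   2, "c1.xlarge"}, /* zone 2 lives in 10.252/16 (assumed) */
    {"10.252.3.88",  2, "c1.xlarge"},
    {"10.252.7.14",  2, "m1.xlarge"},
    {"10.253.4.9",   3, "m1.small"},  /* zone 3 lives in 10.253/16 (assumed) */
    {"10.253.4.60",  3, "m1.small"},
};
#define NSURVEY (sizeof survey / sizeof survey[0])

/* Dotted quad -> host-order integer; 0 on parse failure. */
static uint32_t ip_to_u32(const char *s) {
    struct in_addr a;
    return inet_pton(AF_INET, s, &a) == 1 ? ntohl(a.s_addr) : 0;
}

/* Zone rule: any surveyed instance in the same /16 decides the zone.
 * Returns -1 when no surveyed instance shares the target's /16. */
int estimate_zone(const char *target) {
    uint32_t prefix = ip_to_u32(target) >> 16;
    for (size_t i = 0; i < NSURVEY; i++)
        if ((ip_to_u32(survey[i].ip) >> 16) == prefix) return survey[i].zone;
    return -1;
}

/* Type rule: majority vote over surveyed instances in the same /24.
 * Copies the winning type into out and returns 1; returns 0 for an
 * unsurveyed /24, in which case out is left untouched. */
int estimate_type(const char *target, char *out, size_t outlen) {
    uint32_t prefix = ip_to_u32(target) >> 8;
    const char *types[8]; int votes[8]; int n = 0;
    for (size_t i = 0; i < NSURVEY; i++) {
        if ((ip_to_u32(survey[i].ip) >> 8) != prefix) continue;
        int k;
        for (k = 0; k < n; k++)
            if (strcmp(types[k], survey[i].type) == 0) break;
        if (k == n) {                 /* first time we see this type in the /24 */
            if (n == 8) continue;     /* table full: ignore further new types */
            types[n] = survey[i].type; votes[n] = 0; n++;
        }
        votes[k]++;
    }
    if (n == 0) return 0;
    int best = 0;
    for (int k = 1; k < n; k++) if (votes[k] > votes[best]) best = k;
    snprintf(out, outlen, "%s", types[best]);
    return 1;
}

int main(void) {
    const char *target = "10.251.1.77";   /* constructed target, not in the survey */
    char type[32] = "unknown";
    int zone = estimate_zone(target);
    estimate_type(target, type, sizeof type);
    printf("%s -> zone %d, type %s\n", target, zone, type);
    return 0;
}
```

The point of the majority vote is the one the slides make: a /24 is mostly, not entirely, homogeneous in type, so a single odd sample (the c1.medium above) should not flip the label. An unsurveyed /24 returns 0 rather than a guess, which is what you want before spending instances on a target whose type you cannot estimate.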
Co-residence checks:
- Check 1: matching Dom0 IP address (described below), or
- Check 2: small-packet round-trip times, or
- Check 3: numerically close internal IP addresses, which exploits the way internal IPs appear to be assigned in EC2.
Verifying the Dom0 of your own instance:
- Dom0 is the first hop out of your instance, on any route.
For an instance you do not control:
- Run a TCP SYN traceroute to it and inspect the last hop.
The same Dom0 is shared by instances with a contiguous sequence of internal IPs.
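The three checks combined into one verdict, as an added example that is not code from the paper or these slides. The Dom0 addresses (as they would be read from your own first hop and from the last hop of a TCP SYN traceroute to each target), the RTTs, the internal IPs and both thresholds are constructed assumptions; the real values have to be measured and calibrated on the cloud you are probing.

```c
/* Added example (not code from the paper or these slides): the three
 * co-residence checks combined into one verdict. The Dom0 addresses, RTTs,
 * internal IPs and both thresholds below are constructed assumptions. */
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { CHECK_DOM0 = 1, CHECK_RTT = 2, CHECK_IP_CLOSE = 4 };

typedef struct {
    const char *internal_ip; /* EC2 internal address */
    const char *dom0_ip;     /* our instance: first hop out; a target: last hop of a TCP SYN traceroute */
    double rtt_ms;           /* small-packet RTT measured from our instance (ignored for self) */
} host_t;

/* Assumed thresholds for this example; calibrate against known co-resident pairs. */
#define RTT_THRESHOLD_MS 0.25
#define IP_DISTANCE_MAX  7u

static uint32_t ip_to_u32(const char *s) {
    struct in_addr a;
    return inet_pton(AF_INET, s, &a) == 1 ? ntohl(a.s_addr) : 0;
}

/* Returns the OR of the CHECK_* flags that hold for (self, target). */
int coresidence_flags(const host_t *self, const host_t *target) {
    int flags = 0;
    if (strcmp(self->dom0_ip, target->dom0_ip) == 0) flags |= CHECK_DOM0;
    if (target->rtt_ms > 0.0 && target->rtt_ms <= RTT_THRESHOLD_MS) flags |= CHECK_RTT;
    uint32_t a = ip_to_u32(self->internal_ip), b = ip_to_u32(target->internal_ip);
    if ((a > b ? a - b : b - a) <= IP_DISTANCE_MAX) flags |= CHECK_IP_CLOSE;
    return flags;
}

/* RTT and IP closeness are cheap hints used to pick targets worth a traceroute. */
int worth_traceroute(const host_t *self, const host_t *target) {
    return (coresidence_flags(self, target) & (CHECK_RTT | CHECK_IP_CLOSE)) != 0;
}

/* The Dom0 match is the decisive check: same Dom0 means same physical host. */
int likely_coresident(const host_t *self, const host_t *target) {
    return (coresidence_flags(self, target) & CHECK_DOM0) != 0;
}

/* Constructed data: our probe instance and four candidate targets. */
static const host_t self_host = {"10.251.1.43", "10.251.1.1", 0.0};
static const host_t targets[] = {
    {"10.251.1.45",  "10.251.1.1",   0.12}, /* same Dom0, adjacent IP, fast RTT */
    {"10.251.1.49",  "10.251.1.1",   0.31}, /* same Dom0, close IP, noisy RTT */
    {"10.251.1.200", "10.251.1.129", 0.40}, /* different host altogether */
    {"10.251.1.48",  "10.251.1.129", 0.15}, /* cheap checks pass, Dom0 says no */
};
#define NTARGETS (sizeof targets / sizeof targets[0])

/* Number of constructed targets that pass the decisive Dom0 check. */
int count_coresident(void) {
    int n = 0;
    for (size_t i = 0; i < NTARGETS; i++) n += likely_coresident(&self_host, &targets[i]);
    return n;
}

int main(void) {
    for (size_t i = 0; i < NTARGETS; i++)
        printf("%-13s flags=%d worth_traceroute=%d coresident=%d\n", targets[i].internal_ip,
               coresidence_flags(&self_host, &targets[i]),
               worth_traceroute(&self_host, &targets[i]),
               likely_coresident(&self_host, &targets[i]));
    printf("%d of %zu targets co-resident\n", count_coresident(), NTARGETS);
    return 0;
}
```

The fourth target is the case to keep in mind: a close internal IP and a fast RTT both say "same machine", yet the Dom0 differs. The cheap checks are for choosing which targets to traceroute, not for the final call.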
A single account was never observed to have two instances running simultaneously on the same physical machine, so running n instances in parallel under one account places them on n separate machines.
Sequential locality: two instances run sequentially (the first terminated before the second is launched) are often assigned to the same machine.
Parallel placement locality: two instances run at roughly the same time from distinct accounts are often assigned to the same machine.
Placement is biased toward machines with fewer instances already assigned.
How can the attacker launch instances soon after the target VM is launched? Parallel placement locality means that flooding with attacker instances right after the target comes up gives the best chance of landing on its machine.
There is a long history of work on stealing cryptographic secrets via cache-based side channels.
Not just the data cache: any resource multiplexed between attacker and victim can serve as a side channel, e.g. CPU branch predictors, CPU pipelines, the DRAM memory bus.
The paper demonstrates cross-VM covert channels using memory bus contention and hard disk contention.
Covert channels provide evidence that exploitable side channels exist.
Measuring cache usage
- Measure the utilization of the CPU cache.
- Estimate the current load; high load indicates activity in a co-resident instance.
- Done through a Prime+Trigger+Probe technique, an extension of the Prime+Probe method already published in [1]:
- Allocate a contiguous buffer B (size b bytes); let s be the cache line size.
- Sleep briefly.
- Prime: read all of B at s-byte offsets to make sure it is cached.
- Trigger: busy-loop until the CPU's cycle counter jumps by a large value (this means the VM was descheduled, so a co-resident VM had a chance to run).
- Probe: measure the time it takes to read B again at s-byte offsets; the longer it takes, the more of B was evicted by co-resident activity.
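A portable Prime+Trigger+Probe load probe, as an added example that is not the paper's measurement code. Assumptions: clock_gettime(CLOCK_MONOTONIC) stands in for the CPU cycle counter, the buffer size, the 64-byte line size, the trigger threshold and the timeout are guesses, and there is no real co-resident VM, so the numbers only show the shape of the measurement on your own machine.

```c
/* Added example (not the paper's code): Prime+Trigger+Probe with a portable
 * clock. B_BYTES, S_BYTES, the trigger gap and the timeout are assumptions. */
#define _POSIX_C_SOURCE 199309L
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#define B_BYTES (4u << 20)   /* buffer B: 4 MiB, roughly a shared L2/L3 slice (assumed) */
#define S_BYTES 64u          /* s: cache line size, assumed 64 bytes */

typedef struct {
    uint64_t probe_ns;   /* time to re-read B after the trigger */
    uint64_t gap_ns;     /* clock jump that fired the trigger; 0 if we timed out */
    unsigned lines;      /* number of cache lines touched per pass */
} ptp_result_t;

/* CLOCK_MONOTONIC in place of the cycle counter; portable but coarser. */
static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Read B at s-byte offsets; the volatile sink keeps the loads alive. */
static volatile unsigned char sink;
static unsigned touch_lines(const unsigned char *b, size_t len, size_t stride) {
    unsigned n = 0, acc = 0;
    for (size_t off = 0; off < len; off += stride, n++) acc += b[off];
    sink = (unsigned char)acc;
    return n;
}

ptp_result_t prime_trigger_probe(unsigned char *b, size_t len, size_t stride,
                                 uint64_t trigger_gap_ns, uint64_t timeout_ns) {
    ptp_result_t r = {0, 0, 0};
    /* Prime: pull every line of B into the cache. */
    touch_lines(b, len, stride);
    /* Trigger: spin until two consecutive clock reads differ by more than
     * trigger_gap_ns, i.e. we were descheduled and someone else ran.
     * Give up after timeout_ns so an idle machine does not hang here. */
    uint64_t start = now_ns(), prev = start;
    for (;;) {
        uint64_t t = now_ns();
        if (t - prev > trigger_gap_ns) { r.gap_ns = t - prev; break; }
        if (t - start > timeout_ns) break;
        prev = t;
    }
    /* Probe: time the re-read; evicted lines show up as a longer probe. */
    uint64_t t0 = now_ns();
    r.lines = touch_lines(b, len, stride);
    r.probe_ns = now_ns() - t0;
    return r;
}

/* Allocate and fill B so every page is actually backed before priming. */
unsigned char *alloc_buffer(size_t len) {
    unsigned char *b = malloc(len);
    if (b) for (size_t i = 0; i < len; i++) b[i] = (unsigned char)i;
    return b;
}

int main(void) {
    unsigned char *b = alloc_buffer(B_BYTES);
    if (!b) return 1;
    /* A few samples; compare probe_ns across runs with and without load. */
    for (int i = 0; i < 5; i++) {
        ptp_result_t r = prime_trigger_probe(b, B_BYTES, S_BYTES, 100000, 50000000);
        printf("gap=%llu ns probe=%llu ns lines=%u\n",
               (unsigned long long)r.gap_ns, (unsigned long long)r.probe_ns, r.lines);
    }
    free(b);
    return 0;
}
```

To see the effect the slides describe, run the block on one core while a memory-heavy process runs on a sibling core sharing the cache, and compare probe_ns with the idle baseline; the trigger step matters because without it the probe mostly measures your own prime pass. On a real hypervisor the gap threshold should be set from the scheduler quantum, and rdtsc would replace the POSIX clock.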
Load measurement experiment:
- 1000 load measurements
- Target: a co-resident web server
- 4 different traffic request rates
- JMeter emulates 20 users
- Take the average of four trials