cloudsec

cloudsec - Hey, You, Get Off of My Cloud: Exploring...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Thomas Ristenpart * Eran Tromer Hovav Shacham * Stefan Savage * * Dept. of Computer Science and Engineering Computer Science and Artificial Intelligence Laboratory University of California, San Diego, USA Massachusetts Institute of Technology, Cambridge, USA {tristenp,hovav,savage}@cs.ucsd.edu tromer@csail.mit.edu ABSTRACT Third-party cloud computing represents the promise of out- sourcing as applied to computation. Services, such as Mi- crosofts Azure and Amazons EC2, allow users to instanti- ate virtual machines (VMs) on demand and thus purchase precisely the capacity they require when they require it. In turn, the use of virtualization allows third-party cloud providers to maximize the utilization of their sunk capital costs by multiplexing many customer VMs across a shared physical infrastructure. However, in this paper, we show that this approach can also introduce new vulnerabilities. Using the Amazon EC2 service as a case study, we show that it is possible to map the internal cloud infrastructure, iden- tify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target. We explore how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine. Categories and Subject Descriptors K.6.5 [ Security and Protection ]: UNAUTHORIZED AC- CESS General Terms Security, Measurement, Experimentation Keywords Cloud computing, Virtual machine security, Side channels 1. INTRODUCTION It has become increasingly popular to talk of cloud com- puting as the next infrastructure for hosting data and de- ploying software and services. In addition to the plethora of technical approaches associated with the term, cloud com- puting is also used to refer to a new business model in which Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. CCS09, November 913, 2009, Chicago, Illinois, USA. Copyright 2009 ACM 978-1-60558-352-5/09/11 ...$10.00. core computing and software capabilities are outsourced on demand to shared third-party infrastructure. While this model, exemplified by Amazons Elastic Compute Cloud (EC2) [5], Microsofts Azure Service Platform [20], and Rack- spaces Mosso [27] provides a number of advantagesin- cluding economies of scale, dynamic provisioning, and low capital expendituresit also introduces a range of new risks....
View Full Document

Page1 / 14

cloudsec - Hey, You, Get Off of My Cloud: Exploring...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online