Scheduler Vulnerabilities and Coordinated Attacks in Cloud Computing

@article{Zhou2011SchedulerVA,
  title={Scheduler Vulnerabilities and Coordinated Attacks in Cloud Computing},
  author={Fangfei Zhou and Manishi Goel and Peter Desnoyers and Ravi Sundaram},
  journal={2011 IEEE 10th International Symposium on Network Computing and Applications},
  year={2011},
  pages={123-130}
}
Recently, cloud computing services such as Amazon EC2 have used virtualization to provide customers with virtual machines running on the provider's hardware, typically charging by wall clock time rather than resources consumed. Under this business model, manipulation of the scheduler may allow theft-of-service at the expense of other customers. We have discovered and implemented an attack scenario which when implemented on Amazon EC2 allowed virtual machines to consume more CPU time regardless…
Scheduler vulnerabilities and coordinated attacks in cloud computing
TLDR
The attack itself provides a mechanism for detecting the co-placement of VMs, which in conjunction with appropriate algorithms can be utilized to reveal this mapping, and provides a novel analysis of the necessary conditions for such attacks, and describes scheduler modifications to eliminate the vulnerability.
Time-Stealer: A Stealthy Threat for Virtualization Scheduler and Its Countermeasures
TLDR
By thoroughly analyzing the source code, another attack called Time-Stealer is found, which can stealthily obtain up to 96.6% of CPU cycles under some circumstances on the XenServer 6.0.2 platform.
New cloud architectures for the next generation internet
Cloud computing has ushered in a new paradigm with the availability of computing as a service, letting customers share the same physical infrastructure and purchase computing resources on demand
Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing
TLDR
This paper defines security metrics for assessing the attack, designs a new policy that not only mitigates the threat of attack but also satisfies the requirements for workload balance and low power consumption, and implements, tests, and proves the effectiveness of the policy on the popular open-source platform OpenStack.
Robust Coordination of Cloud-Internal Denial of Service Attacks
TLDR
A novel coordination protocol relying on broadcast primitives in memory-based covert channels for dynamic attack group membership and attack initiation based on a broadcast variant of the Jarecki-Kim-Tsudik (JKT) protocol is described.
Unusual Behavior Analysis of Virtual Machine in Cloud Environment
TLDR
The proposed system identifies the virtual machine theft attack and discusses Spectral Analysis and Energy Calculation, which prevent attackers from staying in the virtual machine for a long period while paying the service providers less for the service time.
DoS Attacks on Your Memory in Cloud
TLDR
An effective, new defense against memory DoS attacks is designed, using a statistical metric to detect their existence and execution throttling to mitigate the attack damage, and implemented by a novel re-purposing of existing hardware performance counters and duty cycle modulation for security, rather than for improving performance or power consumption.
Memory DoS Attacks in Multi-tenant Clouds: Severity and Mitigation
TLDR
An effective, new defense against memory DoS attacks is designed, using a statistical metric to detect their existence and execution throttling to mitigate the attack damage, and implemented by a novel re-purposing of existing hardware performance counters and duty cycle modulation for security, rather than for improving performance or power consumption.
An identification and prevention of theft-of-service attack on cloud computing
  • Azeem Ahmad, N. Nasser, M. Anan
  • Computer Science
  • 2016 International Conference on Selected Topics in Mobile & Wireless Networking (MoWNeT)
  • 2016
TLDR
This paper investigated the limitations of Kernel Virtual Machine together with the QEMU emulator in a private cloud and provided a solution, in terms of an API based VM's power consumption, that will identify and prevent theft-of-service attacks.
Cross-VM network attacks & their countermeasures within cloud computing environments
TLDR
This thesis presents a comprehensive method and empirical analysis on the advancement of co-location attacks in which a malicious VM can negatively affect the security and privacy of other co-located VMs as it breaches the security perimeter of the cloud model.

References

SHOWING 1-10 OF 42 REFERENCES
Scheduler vulnerabilities and coordinated attacks in cloud computing
TLDR
The attack itself provides a mechanism for detecting the co-placement of VMs, which in conjunction with appropriate algorithms can be utilized to reveal this mapping, and provides a novel analysis of the necessary conditions for such attacks, and describes scheduler modifications to eliminate the vulnerability.
Xen and co.: communication-aware CPU scheduling for consolidated xen-based hosting platforms
TLDR
This work identifies a key shortcoming in existing virtual machine monitors (VMMs) that proves to be an obstacle in operating hosting platforms, such as Internet data centers, under conditions of high consolidation: CPU schedulers that are agnostic to the communication behavior of modern, multi-tier applications.
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
TLDR
It is shown that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target, and how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine.
Comparison of the three CPU schedulers in Xen
TLDR
This work uses the open source Xen virtual machine monitor to perform a comparative evaluation of three different CPU schedulers for virtual machines and analyzes the impact of the choice of scheduler and its parameters on application performance, and discusses challenges in estimating the application resource requirements in virtualized environments.
Enforcing Performance Isolation Across Virtual Machines in Xen
TLDR
The design and evaluation of a set of primitives implemented in Xen to address performance isolation across virtual machines in Xen are presented and it is indicated that these mechanisms effectively enforce performance isolation for a variety of workloads and configurations.
A comparison of software and hardware techniques for x86 virtualization
TLDR
It is found that the hardware support for Virtual Machine Monitors for x86 fails to provide an unambiguous performance advantage for two primary reasons: first, it offers no support for MMU virtualization; second, it fails to co-exist with existing software techniques for MMU virtualization.
Diagnosing performance overheads in the xen virtual machine environment
TLDR
Xenoprof is presented, a system-wide statistical profiling toolkit implemented for the Xen virtual machine environment that will facilitate a better understanding of performance characteristics of Xen's mechanisms allowing the community to optimize the Xen implementation.
Scheduling I/O in virtual machine monitors
TLDR
This paper is the first to study the impact of the VMM scheduler on performance using multiple guest domains concurrently running different types of applications, and offers insight into the key problems in VMM scheduling for I/O and motivates future innovation in this area.
The Best Damn Server Virtualization Book Period: Including Vmware, Xen, and Microsoft Virtual Server
Server Sprawl and escalating IT costs have managers and system administrators scrambling to find ways to cut costs and reduce Total Cost of Ownership of their physical infrastructure. Combining
Improving Xen security through disaggregation
TLDR
This paper introduces the work to disaggregate the management virtual machine in a Xen-based system, and describes the implementation, which moves the domain builder, the most important privileged component, into a minimal trusted compartment.