Sift - An Efficient Method for Co-residency Detection on Amazon EC2

@inproceedings{Chen2016SiftA,
  title={Sift - An Efficient Method for Co-residency Detection on Amazon EC2},
  author={Kang Chen and Qingni Shen and Cong Li and Yang Luo and Yahui Yang and Zhonghai Wu},
  booktitle={ICISSP},
  year={2016}
}
Cloud computing, an emerging computing and service paradigm in which computing and storage capabilities are outsourced on demand, offers advanced sharing and multi-tenancy capabilities. But security has been a major barrier to its adoption by enterprises, as being placed with other tenants on the same physical machine (i.e. co-residency or co-location) poses a particular risk. Former research has shown how side channels in shared hardware may enable attackers to exfiltrate sensitive…

Modelling operations and security of cloud systems using Z-notation and Chinese Wall security policy
TLDR: This article presents a formal cloud model using the constructs of Z-notation, which will enable users to safely host their services, as well as process sensitive data, on the cloud.

References

Showing 10 of 18 references
Detecting co-residency with active traffic analysis techniques
TLDR: Co-resident watermarking is presented, a traffic analysis attack that allows a malicious co-resident VM to inject a watermark signature into the network flow of a target instance, demonstrating the need for careful design of hardware to be used in the cloud.

A Placement Vulnerability Study in Multi-Tenant Public Clouds
TLDR: It is found that it is much easier and cheaper to achieve co-location in these three clouds when compared to a secure reference placement policy; new co-residence tests and multiple customer accounts are used to launch VM instances under different strategies that seek to maximize the likelihood of co-residency.

Virtual machine allocation policies against co-resident attacks in cloud computing
TLDR: A new strategy is introduced that effectively decreases the probability of attackers achieving co-residence under virtual machine allocation policies and can be easily integrated into existing cloud platforms to mitigate the threat of co-resident attacks.

Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
TLDR: It is shown that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target, and how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine.

Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud
TLDR: This paper presents a novel covert channel attack that is capable of high-bandwidth and reliable data transmission in the cloud, designs and implements a robust communication protocol, and demonstrates realistic covert channel attacks on various virtualized x86 systems.

Mitigating Multi-Tenancy Risks in IaaS Cloud Through Constraints-Driven Virtual Resource Scheduling
TLDR: A prototype for virtual machine scheduling in OpenStack, a widely-used open-source cloud IaaS software, is implemented, and its performance overhead, the resources required to satisfy conflicts, and resource utilization are evaluated.

Resource-freeing attacks: improve your cloud performance (at your neighbor's expense)
TLDR: This work explores in depth a particular example of an RFA, which can improve performance of synthetic benchmarks by up to 60% over not running the attack, and shows that by adding load to a co-resident victim, the attack speeds up a class of cache-bound workloads.

Preventing Cache-Based Side-Channel Attacks in a Cloud Environment
TLDR: This paper investigates the usage of CPU-cache-based side channels in the cloud and how they compare to traditional side-channel attacks, and designs and implements two new cache-based side-channel mitigation techniques.

Cross-VM side channels and their use to extract private keys
TLDR: This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer, and demonstrates the attack in a lab setting by extracting an ElGamal decryption key from a victim using the most recent version of the libgcrypt cryptographic library.

A Server-Side Solution to Cache-Based Side-Channel Attacks in the Cloud
TLDR: This paper investigates the current state of side-channel vulnerabilities involving the CPU cache, identifies the shortcomings of traditional defenses in a cloud environment, and develops a mitigation technique applicable to cloud security.
...