1 / 19

Lecture 5: Cloud Security: what’s new?

Lecture 5: Cloud Security: what’s new?. Xiaowei Yang (Duke University). Recap. Exploring information leakage in third-party compute clouds Placement Determining co-residence Inferrence. Placement. Launching test instances

orsin
Download Presentation

Lecture 5: Cloud Security: what’s new?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 5: Cloud Security: what’s new? Xiaowei Yang (Duke University)

  2. Recap • Exploring information leakage in third-party compute clouds • Placement • Determining co-residence • Inferrence

  3. Placement • Launching test instances • Determining the correlation between instance placement and IP addresses • Launching many probe instances in the same availability zone

  4. Determining co-residence • Traceroute

  5. Cross-VM information leakage • Load measurement: Prime-Trigger-Probe • B: buffer of size b; s: cache line size • Prime: Read B at s-offset • Trigger: busy-loop until swapped out • Probe: measure the time it takes to read B again at s-offset • If it takes long  • If it does not take long 

  6. Load-based co-residence detection • Send http requests to a target VM • Do load measurement • High  • Low 

  7. Which one(s) shows co-resident?

  8. Estimating traffic rates • High traffic rates  high load

  9. Keystroke timing attack • Hypothesis • On an idle machine, • High load spike  keystroke input • Timing between high load spikes  timing between keystrokes • Timing between keystrokes  infers password

  10. Summary • Co-residence  information leak • Defending against it is hard

  11. What’s New About Cloud Computing Security?

  12. Overview • New threats • New research opportunities

  13. New threats • A more reliable alternative to botnets • If cloud computing is cheaper and more reliable than botnets, use cloud • Brute-forcer • Resource sharing and interference • Placement, inferrence • Reputation fate sharing • Spammers block other legitimate services • An FBI raid

  14. Novel elements • Protecting data and software is not enough  Activity pattern needs protection as well • Reputation attribution • A longer trust chain • Competitiveness business may co-locate

  15. Is mutual auditability a solution? • Provider audits customer’s activities • Customer audits what a provider provides •  enables attribution of blame

  16. New opportunities • Cloud providers should offer a choice of security primitives • Granularity of virtualizations • Physical machines, LANS, clouds, or datacenters • Mutual auditability • Provider audits customer’s activities • Customer audits what a provider provides •  enables attribution of blame • Studying cloud security vulnerabilities

  17. Next • Discovering VM dependencies using CPU utilization • Question to ponder: can this technique be used a security attack?

  18. Interesting techniques • Inference technique • Auto-regressive modeling: use past samples to predict future values • Compute distances of AR models • Models with similar coefficients are closer • K-mean clustering • Perturbation to improve inference accuracy

  19. Security attacks • Achieving co-residence • Do load measurements • Figure out service correlations • DoS all related services

More Related