Co-location Detection on the Cloud

  • Mehmet Sinan İnciEmail author
  • Berk Gulmezoglu
  • Thomas Eisenbarth
  • Berk Sunar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9689)


In this work we focus on the problem of co-location as a first step of conducting Cross-VM attacks such as Prime and Probe or Flush+Reload in commercial clouds. We demonstrate and compare three co-location detection methods namely, cooperative Last-Level Cache (LLC) covert channel, software profiling on the LLC and memory bus locking. We conduct our experiments on three commercial clouds, Amazon EC2, Google Compute Engine and Microsoft Azure. Finally, we show that both cooperative and non-cooperative co-location to specific targets on cloud is still possible on major cloud services.


Co-location on the cloud Software profiling Cache covert channel Performance degradation attacks Memory bus locking 



This work is supported by the National Science Foundation, under grants CNS-1318919 and CNS-1314770.


  1. 1.
  2. 2.
  3. 3.
    The OpenMP API specification for parallel programmingGoogle Scholar
  4. 4.
    Amazon EC2 Instances (2016).
  5. 5.
    Google Compute Engine Instance Types (2016).
  6. 6.
    Bates, A., Mood, B., Pletcher, J., Pruse, H., Valafar, M., Butler, K.: On detecting co-resident cloud instances using network flow watermarking techniques. Int. J. Inf. Secur. 13(2), 171–189 (2014). CrossRefGoogle Scholar
  7. 7.
    Benger, N., van de Pol, J., Smart, N.P., Yarom, Y.: “Ooh Aah.. Just a Little Bit”: a small amount of side channel can go a long way. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 75–92. Springer, Heidelberg (2014)Google Scholar
  8. 8.
    Fardan, N.J.A., Paterson, K.G.: Lucky thirteen: breaking the TLS and DTLS record protocols. In: Security and Privacy, pp. 526–540 (2013)Google Scholar
  9. 9.
    Gaudin, S.: Public cloud market ready for ‘hypergrowth’ period. Computerworld Article, April 2014.
  10. 10.
    Gülmezoglu, B., İnci, M.S., Apecechea, G.I., Eisenbarth, T., Sunar, B.: A faster and more realistic flush+reload attack on AES. In: COSADE, pp. 111–126 (2015)Google Scholar
  11. 11.
    Hund, R., Willems, C., Holz, T.: Practical timing side channel attacks against kernel space ASLR. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, pp. 191–205 (2013).
  12. 12.
    İnci, M.S., Gulmezoglu, B., Irazoqui, G., Eisenbarth, T., Sunar, B.: Seriously, get off my cloud! Cross-VM RSA key recovery in a public cloud. Technical report.
  13. 13.
    Irazoqui, G., İnci, M.S., Eisenbarth, T., Sunar, B.: Fine grain Cross-VM attacks on Xen and VMware. In: 2014 IEEE Fourth International Conference on Big Data and Cloud Computing (BdCloud), pp. 737–744, December 2014Google Scholar
  14. 14.
    Irazoqui, G., Eisenbarth, T., Sunar, B.: S$A: a shared cache attack that works across cores and defies VM sandboxing? And its application to AES. In: IEEE S&P (2015)Google Scholar
  15. 15.
    Irazoqui, G., İnci, M.S., Eisenbarth, T., Sunar, B.: Know thy neighbor: crypto library detection in cloud. In: Proceedings on Privacy Enhancing Technologies, vol. 1, no. 1, pp. 25–40 (2015)Google Scholar
  16. 16.
    Irazoqui, G., İnci, M.S., Eisenbarth, T., Sunar, B.: Lucky 13 Strikes Back. In: ASIA CCS 2015, pp. 85–96 (2015)Google Scholar
  17. 17.
    Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: IEEE S&P, pp. 605–622 (2015)Google Scholar
  18. 18.
    Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: CCS 2009, pp. 199–212 (2009)Google Scholar
  19. 19.
    Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Memory deduplication as a threat to the guest OS. In: Proceedings of the Fourth European Workshop on System Security, p. 1. ACM (2011)Google Scholar
  20. 20.
    Varadarajan, V., Zhang, Y., Ristenpart, T., Swift, M.: A placement vulnerability study in multi-tenant public clouds. In: 24th USENIX Security Symposium, USENIX Security 2015, Washington, D.C., pp. 913–928 (2015)Google Scholar
  21. 21.
    Xu, Z., Wang, H., Wu, Z.: A measurement study on co-residence threat inside the cloud. In: 24th USENIX Security, pp. 929–944 (2015)Google Scholar
  22. 22.
    Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: USENIX Security 2014, pp. 719–732 (2014)Google Scholar
  23. 23.
    Zhang, Y., Juels, A., Oprea, A., Reiter, M.K.: HomeAlone: co-residency detection in the cloud via side-channel analysis. In: IEEE S&P (2011)Google Scholar
  24. 24.
    Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: CCS 2012, pp. 305–316 (2012)Google Scholar
  25. 25.
    Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-tenant side-channel attacks in PaaS clouds. In: CCS, pp. 990–1003 (2014)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Mehmet Sinan İnci
    • 1
    Email author
  • Berk Gulmezoglu
    • 1
  • Thomas Eisenbarth
    • 1
  • Berk Sunar
    • 1
  1. 1.Worcester Polytechnic InstituteWorcesterUSA

Personalised recommendations