Detecting Malicious Co-resident Virtual Machines Indulging in Load-Based Attacks

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8233)


Virtualization provides many benefits for Cloud environments, as it helps users obtain dedicated environments abstracted from the physical layer. However, it also introduces new vulnerabilities to the Cloud such as making it possible for malicious VMs to mount cross-VM attacks through cache based side channels. In this paper, we investigate load-based measurement attacks born specifically as a result of the virtualization in Cloud systems. We develop a framework to identify these attacks based on the observation that the events taking place during the attacks lead to an identifiable sequence of exceptions. We test the accuracy of our framework using the Microsoft Azure infrastructure.


Cloud Computing System Call Load Variation Cloud System Channel Noise 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Amazon Web Services,
  2. 2.
    Aviram, A., Hu, S., Ford, B., Gummadi, R.: Determinating timing channels in compute clouds. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW 2010, pp. 103–108. ACM (2010)Google Scholar
  3. 3.
    Chappell, D.: Windows Azure (2009),
  4. 4.
    Choi, T., Acharya, H.B., Gouda, M.G.: Is that you? Authentication in a network without identities. Int. J. Secur. Netw. 6(4), 181–190 (2011)CrossRefGoogle Scholar
  5. 5.
    Christodorescu, M., Sailer, R., Schales, D.L., Sgandurra, D., Zamboni, D.: Cloud security is not (just) virtualization security: a short paper. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, pp. 97–102. ACM (2009)Google Scholar
  6. 6.
    Cisco. Cloud Security: Choosing the right email security deployment (2010)Google Scholar
  7. 7.
    Cleemput, J.V., Coppens, B., De Sutter, B.: Compiler mitigations for time attacks on modern x86 processors. ACM Trans. Archit. Code Optim. 23, 1–23 (2012)CrossRefGoogle Scholar
  8. 8.
    Cochrane, N.: Security experts ponder the cost of cloud computing (2010),,security-experts-ponder-the-cost-of-cloud-computing.aspx
  9. 9.
    Hay, B., Nance, K., Bishop, M.: Storm clouds rising: Security challenges for iaas cloud computing. In: Hawaii International Conference on System Sciences, pp. 1–7 (2011)Google Scholar
  10. 10.
    Kandukuri, B.R., Paturi, V.R., Rakshit, A.: Cloud security issues. In: IEEE International Conference on Services Computing, pp. 517–520 (2009)Google Scholar
  11. 11.
    Kong, J., Aciicmez, O., Seifert, J.-P., Zhou, H.: Deconstructing new cache designs for thwarting software cache-based side channel attacks. In: Proceedings of the 2nd ACM Workshop on Computer Security Architectures, pp. 25–34. ACM (2008)Google Scholar
  12. 12.
    Kong, J., Aciicmez, O., Seifert, J.-P., Zhou, H.: Hardware-software integrated approaches to defend against software cache-based side channel attacks. In: High Performance Computer Architecture, pp. 393–404. IEEE (February 2009)Google Scholar
  13. 13.
    Okamura, K., Oyama, Y.: Load-based covert channels between xen virtual machines. In: Proceedings of the 2010 ACM Symposium on Applied Computing, SAC 2010, pp. 173–180. ACM (2010)Google Scholar
  14. 14.
    Ole: loadui: A uniquely cool approach to interactive distributed load testing. In: DevoXX - The Java Community Conference (2010)Google Scholar
  15. 15.
  16. 16.
    Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 199–212. ACM (2009)Google Scholar
  17. 17.
    Sun, P., Shen, Q., Chen, Y., Wu, Z., Zhang, C., Ruan, A., Gu, L.: Poster: LBMS: load balancing based on multilateral security in cloud. In: Proc. of the 18th ACM Conference on Computer and Communications Security, pp. 861–864. ACM (2011)Google Scholar
  18. 18.
    Tromer, E., Osvik, D.A., Shamir, A.: Efficient cache attacks on aes, and countermeasures. J. Cryptol. 23(2), 37–71 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    VanTil, S.: Study on cloud computing security: Managing firewall risks (2011),
  20. 20.
    Wang, Q., Wang, C., Li, J., Ren, K., Lou, W.: Enabling public verifiability and data dynamics for storage security in cloud computing. In: ESORICS, pp. 355–370 (2009)Google Scholar
  21. 21.
    Wang, X., Jhi, Y.-C., Zhu, S., Liu, P.: Behavior based software theft detection. In: Proceedings of the 16th ACM Conference on Computer and Communications security, CCS 2009, pp. 280–290. ACM (2009)Google Scholar
  22. 22.
    Wang, Y., Wei, J.: Viaf: Verification-based integrity assurance framework for mapreduce. In: Proc. of the 2011 IEEE 4th International Conference on Cloud Computing, CLOUD 2011, pp. 300–307. IEEE Computer Society (2011)Google Scholar
  23. 23.
    Wei, J., Zhang, X., Ammons, G., Bala, V., Ning, P.: Managing security of virtual machine images in a cloud environment. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW 2009, pp. 91–96. ACM (2009)Google Scholar
  24. 24.
    Zander, S., Armitage, G., Branch, P.: A survey of covert channels and countermeasures in computer network protocols. Commun. Surveys Tuts. 9(3), 44–57 (2007)CrossRefGoogle Scholar
  25. 25.
    Zhang, Y., Juels, A., Oprea, A., Reiter, M.K.: Homealone: Co-residency detection in the cloud via side-channel analysis. In: Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP 2011, pp. 313–328. IEEE Computer Society (2011)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  1. 1.College of Information Sciences and TechnologyPennsylvania State UniversityUniversity ParkUSA

Personalised recommendations