
Co-location Detection on the Cloud

  • Conference paper
Constructive Side-Channel Analysis and Secure Design (COSADE 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9689)

Abstract

In this work we focus on the problem of co-location as a first step of conducting Cross-VM attacks such as Prime and Probe or Flush+Reload in commercial clouds. We demonstrate and compare three co-location detection methods, namely a cooperative Last-Level Cache (LLC) covert channel, software profiling on the LLC, and memory bus locking. We conduct our experiments on three commercial clouds: Amazon EC2, Google Compute Engine and Microsoft Azure. Finally, we show that both cooperative and non-cooperative co-location with specific targets are still possible on major cloud services.


Notes

  1. Note that if the physical machine is already filled with the maximum number of allowed instances, then co-location may not be possible at all. In this case a clever albeit costly strategy would be to first mount a denial of service attack causing the target instance to be replicated and then try co-locating with the replicas.


Acknowledgments

This work is supported by the National Science Foundation, under grants CNS-1318919 and CNS-1314770.

Author information

Corresponding author: Mehmet Sinan İnci.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

İnci, M.S., Gulmezoglu, B., Eisenbarth, T., Sunar, B. (2016). Co-location Detection on the Cloud. In: Standaert, FX., Oswald, E. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2016. Lecture Notes in Computer Science, vol 9689. Springer, Cham. https://doi.org/10.1007/978-3-319-43283-0_2

  • DOI: https://doi.org/10.1007/978-3-319-43283-0_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-43282-3

  • Online ISBN: 978-3-319-43283-0

  • eBook Packages: Computer Science (R0)