Security II

Download Report

Transcript Security II 

Lecture 5: Cloud Security:
what’s new?
Xiaowei Yang (Duke University)
Recap
• Exploring information leakage in thirdparty compute clouds
– Placement
– Determining co-residence
– Inferrence
Placement
• Launching test instances
• Determining the correlation between
instance placement and IP addresses
• Launching many probe instances in the
same availability zone
Determining co-residence
• Traceroute
Cross-VM information leakage
• Load measurement: Prime-Trigger-Probe
– B: buffer of size b; s: cache line size
1. Prime: Read B at s-offset
2. Trigger: busy-loop until swapped out
3. Probe: measure the time it takes to read
B again at s-offset
– If it takes long 
– If it does not take long 
Load-based co-residence
detection
• Send http requests to a target VM
• Do load measurement
– High 
– Low 
Which one(s) shows co-resident?
Estimating traffic rates
• High traffic rates  high load
Keystroke timing attack
• Hypothesis
– On an idle machine,
• High load spike  keystroke input
• Timing between high load spikes  timing
between keystrokes
• Timing between keystrokes  infers password
Summary
• Co-residence  information leak
• Defending against it is hard
WHAT’S NEW ABOUT CLOUD
COMPUTING SECURITY?
Overview
• New threats
• New research opportunities
New threats
• A more reliable alternative to botnets
– If cloud computing is cheaper and more
reliable than botnets, use cloud
• Brute-forcer
• Resource sharing and interference
– Placement, inferrence
• Reputation fate sharing
– Spammers block other legitimate services
– An FBI raid
Novel elements
• Protecting data and software is not enough
 Activity pattern needs protection as
well
• Reputation attribution
• A longer trust chain
• Competitiveness business may co-locate
Is mutual auditability a solution?
• Provider audits customer’s activities
• Customer audits what a provider
provides
•  enables attribution of blame
New opportunities
• Cloud providers should offer a choice of
security primitives
– Granularity of virtualizations
• Physical machines, LANS, clouds, or datacenters
• Mutual auditability
– Provider audits customer’s activities
– Customer audits what a provider provides
–  enables attribution of blame
• Studying cloud security vulnerabilities
Next
• Discovering VM dependencies using CPU
utilization
– Question to ponder: can this technique be
used a security attack?
Interesting techniques
• Inference technique
– Auto-regressive modeling: use past samples
to predict future values
– Compute distances of AR models
• Models with similar coefficients are closer
– K-mean clustering
• Perturbation to improve inference
accuracy
Security attacks
•
•
•
•
Achieving co-residence
Do load measurements
Figure out service correlations
DoS all related services