Moving in next door: Network flooding as a side channel in cloud environments

Agarwal, Yatharth; Murale, Vishnu; Hennessey, Jason; Hogan, Kyle; Varia, Mayank

Moving in next door: Network flooding as a side channel in cloud environments

Files

cans-paper.pdf(288.87 KB)

Accepted manuscript

Date

2016-11

DOI

10.1007/978-3-319-48965-0_56

Authors

Agarwal, Yatharth

Murale, Vishnu

Hennessey, Jason

Hogan, Kyle

Varia, Mayank

URI

https://hdl.handle.net/2144/20634

Citation

Agarwal Y., Murale V., Hennessey J., Hogan K., Varia M. (2016) Moving in Next Door: Network Flooding as a Side Channel in Cloud Environments. In: Foresti S., Persiano G. (eds) Cryptology and Network Security. CANS 2016. Lecture Notes in Computer Science, vol 10052. Springer, Cham. doi: DOI: 10.1007/978-3-319-48965-0_56

Abstract

Co-locating multiple tenants' virtual machines (VMs) on the same host underpins public clouds' affordability, but sharing physical hardware also exposes consumer VMs to side channel attacks from adversarial co-residents. We demonstrate passive bandwidth measurement to perform traffic analysis attacks on co-located VMs. Our attacks do not assume a privileged position in the network or require any communication between adversarial and victim VMs. Using a single feature in the observed bandwidth data, our algorithm can identify which of 3 potential YouTube videos a co-resident VM streamed with 66% accuracy. We discuss defense from both a cloud provider's and a consumer's perspective, showing that effective defense is difficult to achieve without costly under-utilization on the part of the cloud provider or over-utilization on the part of the consumer.

Description

The final publication is available at http://link.springer.com/chapter/10.1007/978-3-319-48965-0_56

Collections

CAS: Computer Science: Scholarly Papers
BU Open Access Articles

Full item page