Abstract
Infrastructure Clouds offer large scale resources for rent, which are typically shared with other users--unless you are willing to pay a premium for single tenancy (if available). There is no guarantee that your instances will run on separate hosts, and this can cause a range of issues when your instances are co-locating on the same host including: mutual performance degradation, exposure to underlying host failures, and increased threat surface area for host compromise. Determining when your instances are co-located is useful then, as a user can implement policies for host separation. Co-location methods to date have typically focused on identifying co-location with another user's instance, as this is a prerequisite for targeted attacks on the Cloud. However, as providers update their environments these methods either no longer work, or have yet to be proven on the Public Cloud. Further, they are not suitable to the task of simply and quickly detecting co-location amongst a large number of instances. We propose a method suitable for Xen based Clouds which addresses this problem and demonstrate it on EC2--the largest Public Cloud Infrastructure.
Highlights
Infrastructure Clouds offer compute resources for rent on-demand, typically on a per hour basis [1]
Whilst targeted attacks themselves are not new, with Distributed Denial of Service (DDoS) and brute force SSH attacks commonplace on the public Internet, Clouds offer a new vector for them: it may be possible to place an instance on the same physical host as the target instance
Before such an attack can be carried out, the first requirement is that of detecting co-location, i.e. determining whether your instance is on the same host as the intended target—which is assumed to be owned by another user
Summary
Infrastructure Clouds offer compute resources for rent on-demand, typically on a per hour basis [1]. Whilst targeted attacks themselves are not new, with Distributed Denial of Service (DDoS) and brute force SSH attacks commonplace on the public Internet, Clouds offer a new vector for them: it may be possible to place an instance on the same physical host as the target instance Before such an attack can be carried out, the first requirement is that of detecting co-location, i.e. determining whether your instance is on the same host as the intended target—which is assumed to be owned by another user. Methods for identifying co-location with a targeted virtual machine, assumed to be owned by another user, include (1) simple network probes (2) watermarking network flows and (3) measuring shared cache usage. These techniques can be applied to detecting co-locating siblings.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
