Preventing Virtual machine side channel attacks in cloud environment

advertisement
Rohit Kugaonkar
CMSC 601 Spring 2011
May 9th 2011
http://res.sys-con.com/story/dec09/1225058/Cloud%20security%20226.jpg

“Cloud computing is a model for enabling
ubiquitous, convenient, on-demand network
access to a shared pool of configurable
computing resources (e.g., networks, servers,
storage, applications, and services) that can be
rapidly provisioned and released with minimal
management effort or service provider
interaction”.
- The NIST Definition of Cloud Computing
http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf






On-Demand service
Pay only for actual
usage
Shared resources
Rapid elasticity
Virtualization
Advanced Security
"Cloud Security and Privacy'',O'Reilly

Insecure programming interfaces or APIs
Threat from inside employees
Data Protection
Identity and access management

Shared Technology issues




Hypervisor security

Cross-side channel attacks between VMs
http://vzxen.com/images/xen-hypervisor.png


Virtual machines share the physical memory,
CPU cycles, network buffers, DRAM of the
physical machine
Attack on Amazon EC2 web services:
Researchers from MIT and University of
California explained in their paper “Hey,You,
Get Off of My Cloud: Exploring Information
Leakage in Third-Party Compute Clouds”

Attacks takes place in two steps:
Placement of attacker virtual machine on the same
physical machine.
2. Exploiting the shared resources.
1.

CPU cache leakage attack



Measure load of the other virtual web server
Extract AES and RSA keys.
Keystrokes timing analysis

Extract user passwords from SSH terminal.





D. A. Osvik, A. Shamir, and E. Tromer, “Cache
attacks and countermeasures: the case of AES”.
D. Page, “Theoretical use of cache memory as a
cryptanalytic side-channel”.
D. Page, “Defending against cache-based sidechannel attacks”.
D. Page, “Partitioned cache architecture as a
side-channel defense mechanism”.
E. Tromer, D. A. Osvik, and A. Shamir,
"Efficient cache attacks on AES, and
countermeasures


Dawn Xiaodong Song, David Wagner, Xuqing
Tian, ``Timing Analysis of Keystrokes and Timing
Attacks on SSH'‘.
Cloud service providers:
“Securing Microsoft's Cloud Infrastructure",
Microsoft Global Foundation Services.
“Amazon Web Services: Overview of
Security Processes"




Dividing the security mechanism in 2
components.
Customized operating system image.
A light weight process running on each of the
virtual machines.
Collect security logs or any malicious behavior
from each of the virtual machines and send it
for analysis to dedicated machine.






Analysis part will be performed at dedicated
machine/s.
Analysis of the security logs in real time.
Looking for the same cache memory access
pattern!
Routing all the web server traffic through these
dedicated machines.
Real time fixing of any tampering on VMs.
Wiping out cache only when attack pattern is
detected by the dedicated machine.


Hypervisor security.
Security mechanism to protect against
keystroke based timing attacks.
http://blog.llnw.com/wp-content/uploads/2010/04/cloud-question.png








Thomas Ristenpart , Eran Tromer , Hovav Shacham and Stefan
Savage ``Hey, you, get off of my cloud: exploring information
leakage in third-party compute clouds’’.
Tim Mather, Subra Kumaraswamy, Shahed Latif, ``Cloud Security
and Privacy'',O'Reilly publication.
D. A. Osvik, A. Shamir, and E. Tromer, “Cache attacks and
countermeasures: the case of AES”,
D. Page, “Theoretical use of cache memory as a cryptanalytic
side-channel”,
D. Page, “Defending against cache-based side-channel attacks.
D. Page, “Partitioned cache architecture as a side-channel defense
mechanism”.
E. Tromer, D. A. Osvik, and A. Shamir, "Efficient cache attacks on
AES, and countermeasures“.
Dawn Xiaodong Song, David Wagner, Xuqing Tian, ``Timing
Analysis of Keystrokes and Timing Attacks on SSH”.
Download