I Heard It through the Firewall: Exploiting Cloud Management Services as an Information Leakage Channel

Published: 11 October 2018

Abstract

    Though there has been much study of information leakage channels that exploit shared hardware resources (memory, cache, and disk) in cloud environments, there has been less study of the exploitability of shared software resources. In this paper, we analyze the exploitability of cloud networking services (which are shared among cloud tenants) and introduce a practical method for building information leakage channels by monitoring workloads on the cloud networking services through the virtual firewall. We also demonstrate the practicality of this attack by implementing two different covert channels in OpenStack, as well as a new class of side channels that can eavesdrop on infrastructure-level events. Using a Long Short-Term Memory (LSTM) neural network model, our side-channel attack detected infrastructure-level VM creation/termination events with 93.3% accuracy.


    Published In

    SoCC '18: Proceedings of the ACM Symposium on Cloud Computing
    October 2018
    546 pages
    ISBN: 9781450360111
    DOI: 10.1145/3267809

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. OpenStack
    2. cloud management
    3. cloud security
    4. side channel

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    SoCC '18: ACM Symposium on Cloud Computing
    October 11-13, 2018
    Carlsbad, CA, USA

    Acceptance Rates

    Overall Acceptance Rate 169 of 722 submissions, 23%
