Cloak & Co-locate: Adversarial Railroading of Resource Sharing-based Attacks on the Cloud
- 1 September 2021
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2021 International Symposium on Secure and Private Execution Environment Design (SEED)
Abstract
The heterogeneity of resources and the diversity of applications on the cloud motivated the need for resource provisioning systems (RPSs) to meet the users’ performance requirements while maximizing the resource utilization to achieve cost-efficiency. On the other hand, resource sharing-based attacks, such as side-channel, transient execution, rowhammer, and denial of service attacks, exploit shared resources to leak sensitive data or hurt the performance of a victim. Although mounting resource sharing-based attacks on the cloud is trivial once the attacker virtual machine (VM) is co-located with the victim VM, the co-location requirement with the victim limits the practicality of resource sharing-based attacks on the cloud. In this paper, we show that RPSs can be exploited to solve the co-location challenge of resource sharing-based attacks in the cloud. In particular, we propose a new attack, called Cloak & Co-locate, which utilizes adversarial evasion attacks to force RPSs to co-locate attackers’ VMs with targeted victims’ VMs. Specifically, Cloak is a fake trace generator (FTG) that is wrapped around an adversary kernel in order to force RPSs to Co-locate it with a specific victim’s VM, while also evading detection and migration by the RPS.
This publication has 34 references indexed in Scilit.