Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds

Thomas Ristenpart*, Eran Tromer, Hovav Shacham, Stefan Savage

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

Abstract

Third-party cloud computing represents the promise of outsourcing as applied to computation. Services, such as Microsoft's Azure and Amazon's EC2, allow users to instantiate virtual machines (VMs) on demand and thus purchase precisely the capacity they require when they require it. In turn, the use of virtualization allows third-party cloud providers to maximize the utilization of their sunk capital costs by multiplexing many customer VMs across a shared physical infrastructure. However, in this paper, we show that this approach can also introduce new vulnerabilities. Using the Amazon EC2 service as a case study, we show that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target. We explore how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine.

Original language: English
Title of host publication: CCS'09 - Proceedings of the 16th ACM Conference on Computer and Communications Security
Pages: 199-212
Number of pages: 14
State: Published - 2009
Externally published: Yes
Event: 16th ACM Conference on Computer and Communications Security, CCS'09 - Chicago, IL, United States
Duration: 9 Nov 2009 - 13 Nov 2009

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Conference

Conference: 16th ACM Conference on Computer and Communications Security, CCS'09
Country/Territory: United States
City: Chicago, IL
Period: 9/11/09 - 13/11/09

Keywords

  • Cloud computing
  • Side channels
  • Virtual machine security
