Moving in next door: Network flooding as a side channel in cloud environments
Agarwal, Yatharth; Murale, Vishnu; Hennessey, Jason; Hogan, Kyle; Varia, Mayank
Co-locating multiple tenants' virtual machines (VMs) on the same host underpins public clouds' affordability, but sharing physical hardware also exposes consumer VMs to side channel attacks from adversarial co-residents. We demonstrate passive bandwidth measurement to perform traffic analysis attacks on co-located VMs. Our attacks do not assume a privileged position in the network or require any communication between adversarial and victim VMs. Using a single feature in the observed bandwidth data, our algorithm can identify which of 3 potential YouTube videos a co-resident VM streamed with 66% accuracy. We discuss defense from both a cloud provider's and a consumer's perspective, showing that effective defense is difficult to achieve without costly under-utilization on the part of the cloud provider or over-utilization on the part of the consumer.
The final publication is available at http://link.springer.com/chapter/10.1007/978-3-319-48965-0_56