Swiper: Exploiting Virtual Machine Vulnerability in Third-Party Clouds with Competition for I/O Resources

Chiang, Ron C.; Rajasekaran, Sundaresan; Zhang, Nan; Huang, H. Howie

doi:10.1109/tpds.2014.2325564

Cited by 26 publications

(19 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These methods are called NoHype and HyperWall. NoHype architecture is an architecture that eliminates the hypervisor and fragile part in traditional virtualization architecture [5] while HyperWall provides security assurance to the guest user and generate security trust assurance during the VM's lifetime. The NoHype architecture as shown in Figure 3 removes the hypervisor in the computer architecture, rendering the attacks on the system pointless as there is nothing to attack.…”

Section: Previous Workmentioning

confidence: 99%

A Deep Study on Security Vulnerabilities in Virtualization at Cloud Computing

Khan¹,

War²

2017

IJCA

View full text Add to dashboard Cite

Virtualization is the process of creating a virtual representation of architecture. It has advantages on five components; sharing, isolation, aggregation, dynamics, and ease of management. However, issues that rise due to the nature of virtualization, especially security issues has skyrocketed. To counter this, a number of solutions has been presented in multiple literature. In this paper, a new solution to improve the security of the system is proposed. In addition, the flaws of the current implemented system are discussed, and the advantages of the proposed system over the current implemented system are listed out.

show abstract

Section: Previous Workmentioning

confidence: 99%

A Deep Study on Security Vulnerabilities in Virtualization at Cloud Computing

Khan¹,

War²

2017

IJCA

View full text Add to dashboard Cite

show abstract

“…There are mainly four kinds of method for co-residency detection. The first bases on the network information [3], analysis network parameters to determine whether virtual machines are co-resident or not; the second bases on I/O resource competition [8], analysis the mutation of throughput load; the third bases on Co-Residency Watermarking [9], analysis time interval distribution of received network packet which are watermarked or non-watermarked; the fourth is use of L2 Cache Home Alone [10], analysis of the use of Cache.…”

Section: Virtual Machine Co-resident Detectionmentioning

confidence: 99%

“…To decreasing the cost of attack, attackers will also revoke VMs after completion co-residency detection. Through analysis detecting behavior conducted by Xiaolin Gui et al in actual cloud environment, combining articles [3,8,9,10,13], we preliminary got eight possible attributes in coresidency detection threats, as shown in Figure 2. The measurement object is the virtual machine co-residency detection threats, set measurement attribute set S t , and S t = {S t1 , S t2 , S t3 , S t4 , S t5 , S t6 , S t7 , S t8 , }.…”

Section: Evaluation Attributementioning

confidence: 99%

A Measurement Method of Threat for Co-Residency Detection Based On Cloud Model

Du¹,

Rao²,

Xian³

et al. 2017

dtcse

View full text Add to dashboard Cite

Abstract. Ideally, each VM should be deployed independently and isolated form one another while multiple virtual machines share the same physical resource. Unfortunately, the absence of physical isolation inevitably give opportunities to number of security threats. in this paper, A cloud modelbased method for measuring potential threat of virtual machine co-residency detection is proposed to solve the problem, which is caused by co-residency malicious VM, that malicious users steal private message and slow down others' performance. Based on the analysis of co-residency detection behavior characteristics, we utilized the method's advantage in the uncertain conversion of multi-attribute decision and the evaluation of fuzziness and randomness. The method comprehensively considers the threat attributes of co-residency detecting, and gives full play to the advantages of the cloud model, which provides an important basis for the research and application of the detection and defense of the virtual machine in the cloud environment. IntroductionAt present, cloud security is the inevitable focus when cloud business and academia talking about the development and application of cloud computing. According to the actual operation required, multiple virtual resources may be bound to the same physical resource in the mainstream of cloud computing service platform, which rent physical resource to multi tenants in the model of virtual resources [1]. Theoretically, any two virtual machine are and completely separate independent, but because of the physical dependencies between virtual machines, these virtual machines are not completely independent [5], that is physical basis condition for virtual machine coresident potential threats. Along with the development of cloud computing technology and commercial applications, public cloud resources has been low-priced, malicious users can attack coresident virtual machine or others in cloud platform in low cost. Malicious users can attack the virtual machine and application of other users through the same physical resource sharing of physical resources that result in potential security threats, destruction of data confidentiality and resource availability in the cloud platform [2]. The virtual machine with such threat as shown in Figure 1.

show abstract

“…Other research focuses on performance interference effects in paravirtualized environments. This includes research on the impact of schedulers on network performance [6], [7], Amazon EC2 performance interference [8], and improving CPU time sharing by accounting for time consumed in the driver domain [12]. Because SR-IOV setups are specifically designed to allow I/O requests bypassing the hypervisor, no privileged component like the hypervisor or driver domain can be used for monitoring.…”

Section: Related Workmentioning

confidence: 99%

“…Previous studies analyzed performance interference effects caused by different types of shared resources, like CPU cores, the CPU's memory subsystem, disk-I/O [5] and network-I/O [6]- [8]. Some studies also address multiple resources [9]- [11].…”

Section: Introductionmentioning

confidence: 99%

A Hardware/Software Approach for Mitigating Performance Interference Effects in Virtualized Environments Using SR-IOV

Richter

Herber

Wallentowitz

et al. 2015

2015 IEEE 8th International Conference on Cloud Computing

View full text Add to dashboard Cite

Abstract-Single Root I/O Virtualization (SR-IOV) is an extension to the PCI Express (PCIe) standard that allows virtual machines (VMs) to directly access shared I/O devices without host involvement. This enabled SR-IOV to become the best-performing solution for virtual I/O to date, which lead to its commercial adoption, e.g., in the Amazon EC2. On the downside, a malicious VM can exploit the direct access to an SR-IOV device by flooding it with PCIe packets. This results in a congestion on the PCIe interconnect, which leads to performance interference effects between the malicious VM, concurrent VMs and even the host.In this paper, we present a hardware/software approach that detects and mitigates such Denial-of-Service (DoS) attacks. On the hardware side, we propose monitoring extensions within SR-IOV devices that distinguish legal device use from malicious device use by observing the rate of incoming PCIe transactions at VM granularity. Malicious VMs are reported to the host via interrupts. On the software side, performance interference effects can then be mitigated by dynamically adjusting the host's scheduling of the malicious VM or even shutting it down.We implement a prototype with a commercial off-theshelf SR-IOV Ethernet controller and an FPGA board. On it, we demonstrate that appropriate scheduling of malicious VMs successfully mitigates interference effects for three cloudrelevant benchmarks. For example, Memcached is restored to 99.4% of baseline performance (compared to 61.8% without our extensions). In contrast to QoS features proposed in the PCIe 3.0 standard, our solution is more flexible. Additionally, it can be realized as an add-on to existing misuse detection hardware like the Intel Malicious Driver Detection (MDD).

show abstract

Swiper: Exploiting Virtual Machine Vulnerability in Third-Party Clouds with Competition for I/O Resources

Cited by 26 publications

References 21 publications

A Deep Study on Security Vulnerabilities in Virtualization at Cloud Computing

A Deep Study on Security Vulnerabilities in Virtualization at Cloud Computing

A Measurement Method of Threat for Co-Residency Detection Based On Cloud Model

A Hardware/Software Approach for Mitigating Performance Interference Effects in Virtualized Environments Using SR-IOV

Contact Info

Product

Resources

About