TY - GEN
T1 - Cloudoscopy
T2 - 2013 ACM Cloud Computing Security Workshop, CCSW 2013 - Co-located with the 20th ACM Conference on Computer and Communications Security, CCS 2013
AU - Herzberg, Amir
AU - Shulman, Haya
AU - Ullrich, Johanna
AU - Weippl, Edgar
PY - 2013
Y1 - 2013
N2 - We define and study cloudoscopy, i.e., exposing sensitive information about the location of (victim) cloud services and/or about the internal organisation of the cloud network, in spite of location-hiding efforts by cloud providers. A typical cloudoscopy attack is composed of a number of steps: first expose the internal IP address of a victim instance, then measure its hop-count distance from adversarial cloud instances, and finally test to find a specific instance which is close enough to the victim (e.g., co-resident) to allow (denial of service or side-channel) attacks. We refer to the three steps/modules involved in such a cloudoscopy attack by the terms IP address deanonymisation, hop-count measuring, and co-residence testing. We present specific methods for these three cloudoscopy modules, and report on results of our experimental validation on popular cloud platform providers. Our techniques can be used for attacking (victim) servers, as well as for benign goals, e.g., optimisation of instance placement and communication, or comparing clouds and validating cloud-provider placement guarantees.
KW - cloud mapping
KW - cloud security
KW - cloud tomography
KW - low rate attacks
KW - socket overloading
UR - http://www.scopus.com/inward/record.url?scp=84889069721&partnerID=8YFLogxK
U2 - 10.1145/2517488.2517491
DO - 10.1145/2517488.2517491
M3 - Conference contribution
AN - SCOPUS:84889069721
SN - 9781450324908
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 113
EP - 122
BT - CCSW 2013 - Proceedings of the 2013 ACM Cloud Computing Security Workshop, Co-located with CCS 2013
Y2 - 8 November 2013 through 8 November 2013
ER -