Sift - An Efficient Method for Co-residency Detection on Amazon EC2

Kang Chen, Qingni Shen, Cong Li, Yang Luo, Yahui Yang, Zhonghai Wu

2016

Abstract

Cloud computing, an emerging computing and service paradigm in which computing and storage capabilities are outsourced on demand, offers the advanced capabilities of sharing and multi-tenancy. Security, however, has been a major barrier to its adoption by enterprises, because being placed with other tenants on the same physical machine (i.e. co-residency or co-location) poses a particular risk. Prior research has shown how side channels in shared hardware may enable attackers to exfiltrate sensitive data across virtual machines (VMs). In view of such risks, tenants need to be able to verify the physical isolation of their VMs. This paper presents Sift, an efficient and reliable approach for co-residency detection. Through a pre-filtration procedure, the time needed for co-residency detection can be significantly reduced. We describe the cloud scenarios envisaged for the use of Sift and the accompanying threat model. A preliminary validation of Sift has been carried out on a local lab Xen virtualization experimental platform. Then, using Amazon's Elastic Compute Cloud (EC2) as the test platform, we evaluate its practicability in a production cloud environment. It appears that Sift can confirm co-residency with a target VM instance in less than 5 seconds with an extremely low false rate.


Paper Citation


in Harvard Style

Chen K., Shen Q., Li C., Luo Y., Yang Y. and Wu Z. (2016). Sift - An Efficient Method for Co-residency Detection on Amazon EC2. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 423-431. DOI: 10.5220/0005742004230431

in Bibtex Style

@conference{icissp16,
author={Kang Chen and Qingni Shen and Cong Li and Yang Luo and Yahui Yang and Zhonghai Wu},
title={Sift - An Efficient Method for Co-residency Detection on Amazon EC2},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2016},
pages={423-431},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005742004230431},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Sift - An Efficient Method for Co-residency Detection on Amazon EC2
SN - 978-989-758-167-0
AU - Chen K.
AU - Shen Q.
AU - Li C.
AU - Luo Y.
AU - Yang Y.
AU - Wu Z.
PY - 2016
SP - 423
EP - 431
DO - 10.5220/0005742004230431