Co-location-resistant clouds

Yossi Azar; Seny Kamara; Ishai Menache; Mariana Raykovau; Bruce Shepherdu

doi:10.1145/2664168.2664179

Co-location-resistant clouds

Yossi Azar, Seny Kamara, Ishai Menache, Mariana Raykovau, Bruce Shepherdu

School of Computer Science

Tel Aviv University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We consider the problem of designing multi-tenant public infrastructure clouds resistant to cross-VM attacks without relying on single-tenancy or on assumptions about the cloud's servers. In a cross-VM attack (which have been demonstrated recently in Amazon EC2) an adversary launches malicious virtual machines (VM) that perform side-channel attacks against co-located VMs in order to recover their contents. We propose a formal model in which to design and analyze secure VM placement algorithms, which are online vector bin packing algorithms that simultaneously satisfy certain optimization constraints and notions of security. We introduce and formalize several notions of security, establishing formal connections between them. We also introduce a new notion of efficiency for online bin packing algorithms that better captures their cost in the setting of cloud computing. Finally, we propose a secure placement algorithm that achieves our strong notions of security when used with a new cryptographic mechanism we refer to as a shared deployment scheme.

Original language	English
Title of host publication	CCSW 2014 - Proceedings of the 2014 ACM Cloud Computing Security Workshop, Co-located with CCS 2014
Publisher	Association for Computing Machinery
Pages	9-20
Number of pages	12
Edition	November
ISBN (Print)	9781450332392
DOIs	https://doi.org/10.1145/2664168.2664179
State	Published - 7 Nov 2014
Event	6th ACM Cloud Computing Security Workshop, CCSW 2014, Held in Conjunction with the 2014 ACM Computer and Communication Security, CCS 2014 - Scottsdale, United States Duration: 7 Nov 2014 → …

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
Number	November
Volume	2014-November

Conference

Conference	6th ACM Cloud Computing Security Workshop, CCSW 2014, Held in Conjunction with the 2014 ACM Computer and Communication Security, CCS 2014
Country/Territory	United States
City	Scottsdale
Period	7/11/14 → …

Keywords

Bin packing
Cloud computing
Co-location attacks
Co-location resistance
Cross-VM attacks
Cryptography
Isolation

All Science Journal Classification (ASJC) codes

Software
Computer Networks and Communications

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1145/2664168.2664179

Cite this

Azar, Y., Kamara, S., Menache, I., Raykovau, M., & Shepherdu, B. (2014). Co-location-resistant clouds. In CCSW 2014 - Proceedings of the 2014 ACM Cloud Computing Security Workshop, Co-located with CCS 2014 (November ed., pp. 9-20). (Proceedings of the ACM Conference on Computer and Communications Security; Vol. 2014-November, No. November). Association for Computing Machinery. https://doi.org/10.1145/2664168.2664179

@inproceedings{394f295abcaf4465a3b2164a16b66748,

title = "Co-location-resistant clouds",

abstract = "We consider the problem of designing multi-tenant public infrastructure clouds resistant to cross-VM attacks without relying on single-tenancy or on assumptions about the cloud's servers. In a cross-VM attack (which have been demonstrated recently in Amazon EC2) an adversary launches malicious virtual machines (VM) that perform side-channel attacks against co-located VMs in order to recover their contents. We propose a formal model in which to design and analyze secure VM placement algorithms, which are online vector bin packing algorithms that simultaneously satisfy certain optimization constraints and notions of security. We introduce and formalize several notions of security, establishing formal connections between them. We also introduce a new notion of efficiency for online bin packing algorithms that better captures their cost in the setting of cloud computing. Finally, we propose a secure placement algorithm that achieves our strong notions of security when used with a new cryptographic mechanism we refer to as a shared deployment scheme.",

keywords = "Bin packing, Cloud computing, Co-location attacks, Co-location resistance, Cross-VM attacks, Cryptography, Isolation",

author = "Yossi Azar and Seny Kamara and Ishai Menache and Mariana Raykovau and Bruce Shepherdu",

note = "Publisher Copyright: Copyright {\textcopyright} 2014 by the Association for Computing Machinery, Inc. (ACM).; 6th ACM Cloud Computing Security Workshop, CCSW 2014, Held in Conjunction with the 2014 ACM Computer and Communication Security, CCS 2014 ; Conference date: 07-11-2014",

year = "2014",

month = nov,

day = "7",

doi = "10.1145/2664168.2664179",

language = "الإنجليزيّة",

isbn = "9781450332392",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

number = "November",

pages = "9--20",

booktitle = "CCSW 2014 - Proceedings of the 2014 ACM Cloud Computing Security Workshop, Co-located with CCS 2014",

address = "الولايات المتّحدة",

edition = "November",

}

Azar, Y, Kamara, S, Menache, I, Raykovau, M & Shepherdu, B 2014, Co-location-resistant clouds. in CCSW 2014 - Proceedings of the 2014 ACM Cloud Computing Security Workshop, Co-located with CCS 2014. November edn, Proceedings of the ACM Conference on Computer and Communications Security, no. November, vol. 2014-November, Association for Computing Machinery, pp. 9-20, 6th ACM Cloud Computing Security Workshop, CCSW 2014, Held in Conjunction with the 2014 ACM Computer and Communication Security, CCS 2014, Scottsdale, United States, 7/11/14. https://doi.org/10.1145/2664168.2664179

Co-location-resistant clouds. / Azar, Yossi; Kamara, Seny; Menache, Ishai et al.
CCSW 2014 - Proceedings of the 2014 ACM Cloud Computing Security Workshop, Co-located with CCS 2014. November. ed. Association for Computing Machinery, 2014. p. 9-20 (Proceedings of the ACM Conference on Computer and Communications Security; Vol. 2014-November, No. November).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Co-location-resistant clouds

AU - Azar, Yossi

AU - Kamara, Seny

AU - Menache, Ishai

AU - Raykovau, Mariana

AU - Shepherdu, Bruce

PY - 2014/11/7

Y1 - 2014/11/7

N2 - We consider the problem of designing multi-tenant public infrastructure clouds resistant to cross-VM attacks without relying on single-tenancy or on assumptions about the cloud's servers. In a cross-VM attack (which have been demonstrated recently in Amazon EC2) an adversary launches malicious virtual machines (VM) that perform side-channel attacks against co-located VMs in order to recover their contents. We propose a formal model in which to design and analyze secure VM placement algorithms, which are online vector bin packing algorithms that simultaneously satisfy certain optimization constraints and notions of security. We introduce and formalize several notions of security, establishing formal connections between them. We also introduce a new notion of efficiency for online bin packing algorithms that better captures their cost in the setting of cloud computing. Finally, we propose a secure placement algorithm that achieves our strong notions of security when used with a new cryptographic mechanism we refer to as a shared deployment scheme.

AB - We consider the problem of designing multi-tenant public infrastructure clouds resistant to cross-VM attacks without relying on single-tenancy or on assumptions about the cloud's servers. In a cross-VM attack (which have been demonstrated recently in Amazon EC2) an adversary launches malicious virtual machines (VM) that perform side-channel attacks against co-located VMs in order to recover their contents. We propose a formal model in which to design and analyze secure VM placement algorithms, which are online vector bin packing algorithms that simultaneously satisfy certain optimization constraints and notions of security. We introduce and formalize several notions of security, establishing formal connections between them. We also introduce a new notion of efficiency for online bin packing algorithms that better captures their cost in the setting of cloud computing. Finally, we propose a secure placement algorithm that achieves our strong notions of security when used with a new cryptographic mechanism we refer to as a shared deployment scheme.

KW - Bin packing

KW - Cloud computing

KW - Co-location attacks

KW - Co-location resistance

KW - Cross-VM attacks

KW - Cryptography

KW - Isolation

UR - http://www.scopus.com/inward/record.url?scp=84937709982&partnerID=8YFLogxK

U2 - 10.1145/2664168.2664179

DO - 10.1145/2664168.2664179

M3 - منشور من مؤتمر

SN - 9781450332392

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 9

EP - 20

BT - CCSW 2014 - Proceedings of the 2014 ACM Cloud Computing Security Workshop, Co-located with CCS 2014

PB - Association for Computing Machinery

T2 - 6th ACM Cloud Computing Security Workshop, CCSW 2014, Held in Conjunction with the 2014 ACM Computer and Communication Security, CCS 2014

Y2 - 7 November 2014

ER -

Co-location-resistant clouds

Abstract

Publication series

Conference

Keywords

All Science Journal Classification (ASJC) codes

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this