Sift an efficient method for co-residency detection on amazon EC2 | |
Chen, Kang ; Shen, Qingni ; Li, Cong ; Luo, Yang ; Yang, Yahui ; Wu, Zhonghai | |
2016 | |
英文摘要 | Cloud computing, an emerging computing and service paradigm, where the computing and storage capabilities are outsourced on demand, offers the advanced capabilities of sharing and multi-Tenancy. But security has been a major barrier for its adoption to enterprise, as being placed with other tenants on the same physical machine (i.e. co-residency or co-location) poses a particular risk. Former research has shown how side channels in shared hardware may enable attackers to exfiltrate sensitive data acrob virtual machines (VMs). In view of such risks, tenants need to be able to verify physical isolation of their VMs. This paper presents Sift, an efficient and reliable approach for co-residency detection. Through a prefiltration procedure, the time for co-residency detection could be significantly reduced. We describe the cloud scenarios envisaged for use of Sift and the accompanying threat model. A preliminary validation of Sift has been carried out in a local lab Xen virtualization experimental platform. Then, using the Amazon's Elastic Compute Cloud (EC2) as the test platform, we evaluate its practicability in production cloud environment. It appears that Sift can confirm co-residency with a target VM instance in leb than 5 seconds with an extremely low false rate. Copyright ? 2016 by SCITEPRESS - Science and Technology Publications, Lda.; EI; 423-431 |
语种 | 英语 |
出处 | 2nd International Conference on Information Systems Security and Privacy, ICISSP 2016 |
内容类型 | 其他 |
源URL | [http://ir.pku.edu.cn/handle/20.500.11897/436374] |
专题 | 软件与微电子学院 |
推荐引用方式 GB/T 7714 | Chen, Kang,Shen, Qingni,Li, Cong,et al. Sift an efficient method for co-residency detection on amazon EC2. 2016-01-01. |
个性服务 |
查看访问统计 |
相关权益政策 |
暂无数据 |
收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论