Addressing Issues of Cloud Resilience, Security and Performance through Simple Detection of Co-locating Sibling Virtual Machine Instances

John O'Loughlin, Lee Gillam

2015

Abstract

Most current Infrastructure Clouds are built on shared tenancy architectures, with resources shared amongst large numbers of customers. However, multi-tenancy can lead to performance issues (so-called “noisy neighbours”) and also brings potential for serious security breaches such as hypervisor breakouts. Consequently, there has been a focus in the literature on identifying co-locating instances that are being affected by noisy neighbours or suggesting that such instances are vulnerable to attack. However, there is limited evidence of any such attacks in the wild. More beneficially, knowing that there is co-location amongst your own Virtual Machine instances (siblings) can help to avoid being your own worst enemy: avoiding your instances acting as your own noisy neighbours, building resilience through ensuring host-based redundancy, and/or reducing exposure to a single compromised host. In this paper, we propose and demonstrate a simple test to detect co-locating sibling instances on Xen-based Clouds, as could help address such needs, and evaluate its efficacy on Amazon’s EC2.



Paper Citation


in Harvard Style

O'Loughlin J. and Gillam L. (2015). Addressing Issues of Cloud Resilience, Security and Performance through Simple Detection of Co-locating Sibling Virtual Machine Instances. In Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-104-5, pages 60-67. DOI: 10.5220/0005485000600067


in Bibtex Style

@conference{closer15,
author={John O'Loughlin and Lee Gillam},
title={Addressing Issues of Cloud Resilience, Security and Performance through Simple Detection of Co-locating Sibling Virtual Machine Instances},
booktitle={Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER},
year={2015},
pages={60-67},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005485000600067},
isbn={978-989-758-104-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER
TI - Addressing Issues of Cloud Resilience, Security and Performance through Simple Detection of Co-locating Sibling Virtual Machine Instances
SN - 978-989-758-104-5
AU - O'Loughlin J.
AU - Gillam L.
PY - 2015
SP - 60
EP - 67
DO - 10.5220/0005485000600067