255 Hits in 4.6 sec

On detecting co-resident cloud instances using network flow watermarking techniques

Adam Bates, Benjamin Mood, Joe Pletcher, Hannah Pruse, Masoud Valafar, Kevin Butler
2013 International Journal of Information Security  
This paper presents coresident watermarking, a traffic analysis attack that allows a malicious co-resident VM to inject a watermark signature into the network flow of a target instance.  ...  We go on to consider the detectability of co-resident watermarking, extending our scheme to create a subtler watermarking attack by imitating legitimate cloud customer behavior.  ...  Through our use of Futuregrid, this material is based upon work supported in part by the National Science Foundation Under Grant No. 0910812 to Indiana University for "FutureGrid: An Experimental, High-Performance  ... 
doi:10.1007/s10207-013-0210-0 fatcat:xzpe7dvlwvf5bit53mngls3vpi

Detecting co-residency with active traffic analysis techniques

Adam Bates, Benjamin Mood, Joe Pletcher, Hannah Pruse, Masoud Valafar, Kevin Butler
2012 Proceedings of the 2012 ACM Workshop on Cloud computing security workshop - CCSW '12  
This paper presents co-resident watermarking, a traffic analysis attack that allows a malicious co-resident VM to inject a watermark signature into the network flow of a target instance.  ...  This watermark can be used to exfiltrate and broadcast co-residency data from the physical machine, compromising isolation without reliance on internal side channels.  ...  Through our use of Futuregrid, this material is based upon work supported in part by the National Science Foundation under Grant No. 0910812 to Indiana University for "FutureGrid: An Experimental, High-Performance  ... 
doi:10.1145/2381913.2381915 dblp:conf/ccs/BatesMPPVB12 fatcat:2fdzbumsbrcptjoldapjnbua6i

On Detection of Network-Based Co-residence Verification Attacks in SDN-Driven Clouds [chapter]

Mikhail Zolotukhin, Elena Ivannikova, Timo Hämäläinen
2017 Lecture Notes in Computer Science  
In this study, we concentrate on timely detection of intentional co-residence attempts in cloud environments that utilize software-defined networking.  ...  The detection results obtained show us that the co-residence verification attack can be detected with the methods that are usually employed for botnet analysis.  ...  Co-residence Verification Detection As can be seen from the attack vector description, the malicious cloud customer requires to spawn a large number of virtual instances on the cloud.  ... 
doi:10.1007/978-3-319-67380-6_22 fatcat:b3ejd5bos5fmrl4v26vlew3flq

Co-location Detection on the Cloud [chapter]

Mehmet Sinan İnci, Berk Gulmezoglu, Thomas Eisenbarth, Berk Sunar
2016 Lecture Notes in Computer Science  
Finally, we show that both cooperative and non-cooperative co-location to specific targets on cloud is still possible on major cloud services.  ...  We demonstrate and compare three co-location detection methods namely, cooperative Last-Level Cache (LLC) covert channel, software profiling on the LLC and memory bus locking.  ...  Furthermore, the technique was not tested in commercial clouds. Shortly later, Bates et al. [6] demonstrated that a malicious VM can inject a watermark in the network flow of a potential victim.  ... 
doi:10.1007/978-3-319-43283-0_2 fatcat:yebd452h35bcpmo63aqbklvdqm

On the Properties of Non-Media Digital Watermarking: A Review of State of the Art Techniques

Arezou Soltani Panah, Ron Van Schyndel, Timos Sellis, Elisa Bertino
2016 IEEE Access  
Over the last 25 years, there has been much work on multimedia digital watermarking. In this domain, the primary limitation to watermark strength has been in its visibility.  ...  Since by definition, the intended receiver should be able to detect the watermark, we have to redefine invisibility in an acceptable way that is often application-specific and thus cannot be easily generalized  ...  For this purpose, a malicious user is able to embed a watermark into the network flow of a target instance and broadcast co-residency data from that physical machine in order to compromise co-residence  ... 
doi:10.1109/access.2016.2570812 fatcat:2xxteahvprepzekaqqbbyey7hi

Sift - An Efficient Method for Co-residency Detection on Amazon EC2

Kang Chen, Qingni Shen, Cong Li, Yang Luo, Yahui Yang, Zhonghai Wu
2016 Proceedings of the 2nd International Conference on Information Systems Security and Privacy  
This paper presents Sift, an efficient and reliable approach for co-residency detection. Through a prefiltration procedure, the time for co-residency detection could be significantly reduced.  ...  It appears that Sift can confirm co-residency with a target VM instance in less than 5 seconds with an extremely low false rate.  ...  ., (2012) proposed the coresidency watermark technique based on the network packet delay problem of co-resident VMs.  ... 
doi:10.5220/0005742004230431 dblp:conf/icissp/ChenSLLYW16 fatcat:beuu6rejsbea7epmcqh53msh3y

A Survey of Timing Channels and Countermeasures

Arnab Kumar Biswas, Dipak Ghosal, Shishir Nagaraja
2017 ACM Computing Surveys  
flow watermarking.  ...  Based on the analysis of the current literature we articulate potential future research directions both in the design and applications of timing channels and their detection and prevention techniques.  ...  Different categories of network flow watermarking techniques.  ... 
doi:10.1145/3023872 fatcat:bj7jt5qwtbet3lzp5yghle4c3m

Data exfiltration: A review of external attack vectors and countermeasures

Faheem Ullah, Matthew Edwards, Rajiv Ramdhany, Ruzanna Chitchyan, M. Ali Babar, Awais Rashid
2018 Journal of Network and Computer Applications  
Conclusion: This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures and significant research is required on developing investigative countermeasures  ...  These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data.  ...  When co-residency is local, for example, an agent shares the same machine with legitimate sensitive-data-processing programs; memoryscanning techniques can be used to scrape data.  ... 
doi:10.1016/j.jnca.2017.10.016 fatcat:fweg67tparct5owb3r4qrpgvxq

SH-SecNet: An Enhanced Secure Network Architecture for the Diagnosis of Security Threats in a Smart Home

Saurabh Singh, Pradip Kumar Sharma, Jong Hyuk Park
2017 Sustainability  
In our architecture, we use the Multivariate Correlation Analysis (MCA) technique to analyze the network flow packet in the network layer, as this classifies the network traffic by extracting the correlation  ...  Thus, security is still a primary concern in the smart home network. This has motivated us to conduct research on smart home network security issues and provide an efficient, secure solution.  ...  The MCA technique is applied to detect the DoS attack in the home network using triangle area map generation.  ... 
doi:10.3390/su9040513 fatcat:biorfpraeregrohrj62dlywr3e

Security of Cloud FPGAs: A Survey [article]

Chenglu Jin, Vasudev Gohil, Ramesh Karri, Jeyavijayan Rajendran
2020 arXiv   pre-print
Integrating Field Programmable Gate Arrays (FPGAs) with cloud computing instances is a rapidly emerging trend on commercial cloud computing platforms such as Amazon Web Services (AWS), Huawei cloud, and  ...  Cloud FPGAs allow cloud users to build hardware accelerators to speed up the computation in the cloud.  ...  IP watermarking is a technique that adds special modules into a hardware design (IP core). It should be difficult for an attacker to detect and remove the embedded watermarks.  ... 
arXiv:2005.04867v1 fatcat:yr2habmipvfnbn64yvczvapi34

MIGRATE: Towards a Lightweight Moving-Target Defense Against Cloud Side-Channels

Mohamed Azab, Mohamed Eltoweissy
2016 2016 IEEE Security and Privacy Workshops (SPW)  
To minimize the probability of attacker-victim co-residency on the same host. Eliminating the stable co-residency issue eliminates most of the side-channel attacks that face such a platform.  ...  Except for the impractical, resource inefficient, and costly single tenant solutions, co-residency will always be an issue to cloud service providers.  ...  Ahmed Neil from Mansoura University Information and Network Department, for his help through the course of this wok.  ... 
doi:10.1109/spw.2016.28 dblp:conf/sp/AzabE16 fatcat:gftwdmno3vbhznwenku7mr7ede


Christian Priebe, Divya Muthukumaran, Dan O' Keeffe, David Eyers, Brian Shand, Ruediger Kapitza, Peter Pietzuch
2014 Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security - CCSW '14  
It exploits the incentive of tenants to co-operate with each other to detect accidental data leakage.  ...  Using an implementation of CSN deployed on the OpenShift and AppScale PaaS platforms, we show that it can discover misconfigurations and bugs with a negligible performance impact.  ...  Its tagbased approach to monitoring data flows is related to information flow control techniques, encryption and digital watermarking. We now survey this related work in more detail.  ... 
doi:10.1145/2664168.2664174 dblp:conf/ccs/PriebeMKESKP14 fatcat:4bxpwlrybrdfflp3awm4bahol4

Privacy in Sensor-Driven Human Data Collection: A Guide for Practitioners [article]

Arkadiusz Stopczynski, Riccardo Pietri, Alex Pentland, David Lazer, Sune Lehmann
2014 arXiv   pre-print
This development has been partially driven by individuals posting and storing data about themselves and friends using online social networks or collecting their data for self-tracking purposes (quantified-self  ...  Although focused on data collection in an academic context, we believe that many of the challenges and solutions we identify are also relevant and useful for other domains where massive data collection  ...  It can detect if a dataset collected for one experiment is leaked to another co-resident cloud tenant.  ... 
arXiv:1403.5299v1 fatcat:4l5pk7l66jcobdmxjb7a3hpdtu

Secure Cloud Infrastructure: A Survey on Issues, Current Solutions, and Open Challenges

Yara Alghofaili, Albatul Albattah, Noura Alrajeh, Murad A. Rassam, Bander Ali Saleh Al-rimy
2021 Applied Sciences  
This paper presents a comprehensive survey of the security issues at different cloud infrastructure levels (e.g., application, network, host, and data).  ...  Based on the exploration of the current challenges, some cloud features such as flexibility, elasticity and the multi-tenancy are found to pose new challenges at each infrastructure level.  ...  SMOOP assessed cloud security from four perspectives: hypervisor vulnerabilities, networking, co-residence, and VM vulnerabilities.  ... 
doi:10.3390/app11199005 fatcat:zxxcwgbscffnzakdrqrqicegq4

Leveraging Side-channel Information for Disassembly and Security

Jungmin Park, Fahim Rahman, Apostol Vassilev, Domenic Forte, Mark Tehranipoor
2019 ACM Journal on Emerging Technologies in Computing Systems  
Due to limited hardware resources for embedded devices and difficulty in wide-coverage and on-time software updates, software-only cyber defense techniques, such as traditional anti-virus and malware detectors  ...  Monitoring devices using side channel leakage information, e.g. power supply variation and electromagnetic (EM) radiation, is a promising avenue that promotes multiple directions in security and trust  ...  A key application resides in IP/IC fingerprinting and watermarking.  ... 
pmid:32863796 pmcid:PMC7450766 fatcat:hefsx3i2hzdulhaxcj5wcvjbfm
« Previous Showing results 1 — 15 out of 255 results