Hey, You, Get Off of My Cloud:
Exploring Information Leakage in Third-Party Compute Clouds
Third-party cloud computing represents the promise of outsourcing as
applied to computation. Services such as Microsoft's Azure and
Amazon's EC2 allow users to instantiate virtual machines (VMs) on
demand and thus purchase precisely the capacity they require when they
require it. In turn, the use of virtualization allows third-party
cloud providers to maximize the utilization of their sunk capital
costs by multiplexing many customer VMs across a shared physical
infrastructure. However, in this paper, we show that this approach
can also introduce new vulnerabilities. Using the Amazon EC2 service
as a case study, we show that it is possible to map the internal cloud
infrastructure, identify where a particular target VM is likely to
reside, and then instantiate new VMs until one is placed co-resident
with the target. We explore how such placement can then be used to
mount cross-VM side-channel attacks to extract information from a
target VM on the same machine.
Paper: [PDF]
To appear in the proceedings of the ACM Conference on Computer and Communications Security, 2009.