Retrieved from https://studentshare.org/information-technology/1437080-hey-you-get-off-of-my-cloud-exploring-information
In the article, the authors use the EC2 service to create a ‘map’ for understanding the potential targets that may be located inside the cloud, and for learning the instance creation parameters that are needed to establish co-residence of an adversarial instance. Creating this type of map gives adversaries the opportunity to place a malicious VM on the same physical machine as a target. The authors provide extensive details on how to map the cloud. According to them, the availability zones in the cloud are likely to correspond to different internal IP address ranges, and the same may be true for instance types as well.
Thus, when the adversary maps the use of the EC2 internal address space, it helps them find out which “IP addresses corresponds to which creation parameters.” (Ristenpart et al.). In addition, EC2’s DNS service can map a public IP address to its private IP address. The map thus generated can be used by the adversary to deduce the instance type and availability zone of a target service, which substantially reduces the number of instances that need to be tried before a co-resident placement is successfully achieved.
The authors evaluate the two weaknesses discussed above using two data sets. The first data set is created by categorizing public EC2-based web servers using external probes such as WHOIS queries, and then translating the responsive public IPs to internal IPs. The second set is created by launching a number of EC2 instances of varying types and then surveying the resulting IP addresses assigned to them (Ristenpart et al.). To fully utilize this data, the authors present a heuristic algorithm that can label /24 prefixes with an estimate of the availability zone.
Thus, by using these methods, a map of the internal EC2 address space is produced, which allows adversaries to estimate the availability zone and instance type of any target. With this map, the adversary can attempt to achieve placement on the same physical machine, and so in the next section of the article the authors discuss several co-residence checks. According to the authors, instances are said to be co-resident if they have matching “Dom0 IP address, small packet round-trip times, or even numerically close internal IP addresses.” (Ristenpart et al.). After providing this crucial piece of information, the authors focus on how adversaries can achieve co-residence on the same physical machine using the map, by following two strategies: the brute-force strategy and the refined strategy. Under the brute-force strategy, the attacker simply launches many instances over a relatively long period of time. In the refined strategy, the attacker targets recently launched instances, because third-party providers, EC2 in particular, tend to assign fresh instances to the same small set of machines.
According to the authors, the latter strategy has a high chance of achieving co-residence, and they show how this strategy “achieves co-residence with a specific (m1.small) instance almost half the time.” (Ristenpart et