A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation

Atif Saeed; Peter Garraghan; Barney Craggs; Dirk van der Linden; Awais Rashid; Syed Asad Hussain

doi:10.1109/CLOUD.2018.00084

A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation

Atif Saeed, Peter Garraghan, Barney Craggs, Dirk van der Linden, Awais Rashid, Syed Asad Hussain

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

7 Citations (Scopus)

354 Downloads (Pure)

Abstract

Data privacy and security is a leading concern for providers and customers of cloud computing, where Virtual Machines (VMs) can co-reside within the same underlying physical machine. Side channel attacks within multi-tenant virtualized cloud environments are an established problem, where attackers are able to monitor and exfiltrate data from co-resident VMs. Virtualization services have attempted to mitigate such attacks by preventing VM-to-VM interference on shared hardware by providing logical resource isolation between co-located VMs via an internal virtual network. However, such approaches are also insecure, with attackers capable of performing network channel attacks which bypass mitigation strategies using vectors such as ARP Spoofing, TCP/IP steganography, and DNS poisoning. In this paper we identify a new vulnerability within the internal cloud virtual network, showing that through a combination of TAP impersonation and mirroring, a malicious VM can successfully redirect and monitor network traffic of VMs co-located within the same physical machine. We demonstrate the feasibility of this attack in a prominent cloud platform - OpenStack - under various security requirements and system conditions, and propose countermeasures for mitigation.

Original language	English
Title of host publication	2018 IEEE 11th International Conference on Cloud Computing (CLOUD 2018)
Subtitle of host publication	Proceedings of a meeting held 2-7 July 2018, San Francisco, California, USA
Place of Publication	San Francisco
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	606-613
Number of pages	8
ISBN (Electronic)	9781538672358
ISBN (Print)	9781538672365
DOIs	https://doi.org/10.1109/CLOUD.2018.00084
Publication status	Published - 10 Sept 2018

Publication series

Name
ISSN (Electronic)	2159-6190

Research Groups and Themes

Cyber Security

Keywords

Attack
Cyber Security
Virtual Machine
VM

Access to Document

10.1109/CLOUD.2018.00084

Full-text PDF (accepted author manuscript)
This is the author accepted manuscript (AAM). The final published version (version of record) is available online via IEEE at https://ieeexplore.ieee.org/document/8457853 . Please refer to any applicable terms of use of the publisher.
Accepted author manuscript, 6.68 MB

Handle.net

Persistent link

Dr Barnaby Craggs
- barney.craggsbristol.acuk
- School of Computer Science - Lecturer
- IT Services - Chief Information Security Officer
Person: Academic , Professional and Administrative

Cite this

Saeed, A., Garraghan, P., Craggs, B., van der Linden, D., Rashid, A., & Hussain, S. A. (2018). A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation. In 2018 IEEE 11th International Conference on Cloud Computing (CLOUD 2018): Proceedings of a meeting held 2-7 July 2018, San Francisco, California, USA (pp. 606-613). Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/CLOUD.2018.00084

Saeed, Atif ; Garraghan, Peter ; Craggs, Barney et al. / A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation. 2018 IEEE 11th International Conference on Cloud Computing (CLOUD 2018): Proceedings of a meeting held 2-7 July 2018, San Francisco, California, USA. San Francisco : Institute of Electrical and Electronics Engineers (IEEE), 2018. pp. 606-613

@inproceedings{e2de0faa6971406686d5b13998b4bec4,

title = "A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation",

abstract = "Data privacy and security is a leading concern for providers and customers of cloud computing, where Virtual Machines (VMs) can co-reside within the same underlying physical machine. Side channel attacks within multi-tenant virtualized cloud environments are an established problem, where attackers are able to monitor and exfiltrate data from co-resident VMs. Virtualization services have attempted to mitigate such attacks by preventing VM-to-VM interference on shared hardware by providing logical resource isolation between co-located VMs via an internal virtual network. However, such approaches are also insecure, with attackers capable of performing network channel attacks which bypass mitigation strategies using vectors such as ARP Spoofing, TCP/IP steganography, and DNS poisoning. In this paper we identify a new vulnerability within the internal cloud virtual network, showing that through a combination of TAP impersonation and mirroring, a malicious VM can successfully redirect and monitor network traffic of VMs co-located within the same physical machine. We demonstrate the feasibility of this attack in a prominent cloud platform - OpenStack - under various security requirements and system conditions, and propose countermeasures for mitigation.",

keywords = "Attack, Cyber Security, Virtual Machine, VM",

author = "Atif Saeed and Peter Garraghan and Barney Craggs and \{van der Linden\}, Dirk and Awais Rashid and Hussain, \{Syed Asad\}",

year = "2018",

month = sep,

day = "10",

doi = "10.1109/CLOUD.2018.00084",

language = "English",

isbn = "9781538672365",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

pages = "606--613",

booktitle = "2018 IEEE 11th International Conference on Cloud Computing (CLOUD 2018)",

address = "United States",

}

Saeed, A, Garraghan, P, Craggs, B, van der Linden, D, Rashid, A & Hussain, SA 2018, A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation. in 2018 IEEE 11th International Conference on Cloud Computing (CLOUD 2018): Proceedings of a meeting held 2-7 July 2018, San Francisco, California, USA. Institute of Electrical and Electronics Engineers (IEEE), San Francisco, pp. 606-613. https://doi.org/10.1109/CLOUD.2018.00084

A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation. / Saeed, Atif; Garraghan, Peter; Craggs, Barney et al.
2018 IEEE 11th International Conference on Cloud Computing (CLOUD 2018): Proceedings of a meeting held 2-7 July 2018, San Francisco, California, USA. San Francisco: Institute of Electrical and Electronics Engineers (IEEE), 2018. p. 606-613.

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

TY - GEN

T1 - A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation

AU - Saeed, Atif

AU - Garraghan, Peter

AU - Craggs, Barney

AU - van der Linden, Dirk

AU - Rashid, Awais

AU - Hussain, Syed Asad

PY - 2018/9/10

Y1 - 2018/9/10

N2 - Data privacy and security is a leading concern for providers and customers of cloud computing, where Virtual Machines (VMs) can co-reside within the same underlying physical machine. Side channel attacks within multi-tenant virtualized cloud environments are an established problem, where attackers are able to monitor and exfiltrate data from co-resident VMs. Virtualization services have attempted to mitigate such attacks by preventing VM-to-VM interference on shared hardware by providing logical resource isolation between co-located VMs via an internal virtual network. However, such approaches are also insecure, with attackers capable of performing network channel attacks which bypass mitigation strategies using vectors such as ARP Spoofing, TCP/IP steganography, and DNS poisoning. In this paper we identify a new vulnerability within the internal cloud virtual network, showing that through a combination of TAP impersonation and mirroring, a malicious VM can successfully redirect and monitor network traffic of VMs co-located within the same physical machine. We demonstrate the feasibility of this attack in a prominent cloud platform - OpenStack - under various security requirements and system conditions, and propose countermeasures for mitigation.

AB - Data privacy and security is a leading concern for providers and customers of cloud computing, where Virtual Machines (VMs) can co-reside within the same underlying physical machine. Side channel attacks within multi-tenant virtualized cloud environments are an established problem, where attackers are able to monitor and exfiltrate data from co-resident VMs. Virtualization services have attempted to mitigate such attacks by preventing VM-to-VM interference on shared hardware by providing logical resource isolation between co-located VMs via an internal virtual network. However, such approaches are also insecure, with attackers capable of performing network channel attacks which bypass mitigation strategies using vectors such as ARP Spoofing, TCP/IP steganography, and DNS poisoning. In this paper we identify a new vulnerability within the internal cloud virtual network, showing that through a combination of TAP impersonation and mirroring, a malicious VM can successfully redirect and monitor network traffic of VMs co-located within the same physical machine. We demonstrate the feasibility of this attack in a prominent cloud platform - OpenStack - under various security requirements and system conditions, and propose countermeasures for mitigation.

KW - Attack

KW - Cyber Security

KW - Virtual Machine

KW - VM

U2 - 10.1109/CLOUD.2018.00084

DO - 10.1109/CLOUD.2018.00084

M3 - Conference Contribution (Conference Proceeding)

SN - 9781538672365

SP - 606

EP - 613

BT - 2018 IEEE 11th International Conference on Cloud Computing (CLOUD 2018)

PB - Institute of Electrical and Electronics Engineers (IEEE)

CY - San Francisco

ER -

Saeed A, Garraghan P, Craggs B, van der Linden D, Rashid A, Hussain SA. A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation. In 2018 IEEE 11th International Conference on Cloud Computing (CLOUD 2018): Proceedings of a meeting held 2-7 July 2018, San Francisco, California, USA. San Francisco: Institute of Electrical and Electronics Engineers (IEEE). 2018. p. 606-613 doi: 10.1109/CLOUD.2018.00084

A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation

Abstract

Publication series

Research Groups and Themes

Keywords

Access to Document

Handle.net

Fingerprint

Profiles

Dr Barnaby Craggs

Cite this