A Comprehensive Study of Co-residence Threat in Multi-tenant Public PaaS Clouds

Bibliographic Details
Published in: Information and Communications Security, Vol. 9977; pp. 361-375
Main Authors: Zhang, Weijuan; Jia, Xiaoqi; Wang, Chang; Zhang, Shengzhi; Huang, Qingjia; Wang, Mingsheng; Liu, Peng
Format: Book Chapter
Language: English
Published: Switzerland, Springer International Publishing AG, 2016
Springer International Publishing
Series: Lecture Notes in Computer Science
ISBN: 3319500104, 9783319500102
ISSN: 0302-9743, 1611-3349
DOI: 10.1007/978-3-319-50011-9_28

Summary: Public Platform-as-a-Service (PaaS) clouds are always multi-tenant. Applications from different tenants may reside on the same physical machine, which introduces the risk of sharing physical resources with a potentially malicious application. This gives the malicious application the chance to extract secret information of other tenants via side-channels. Though large numbers of researchers focus on the information extraction, there are few studies on the co-residence threat in public clouds, especially PaaS clouds. In this paper, we studied in detail the co-residence threat of public PaaS clouds. Firstly, we investigate the characteristics of different PaaS clouds and implement a memory bus based covert-channel detection method that works for various PaaS cloud platforms. Secondly, we study three popular PaaS clouds, Amazon Elastic Beanstalk, IBM Bluemix and OpenShift, to identify the co-residence threat in their placement policies. We evaluate several placement variables (e.g., application type, number of instances, time launched, data center region, etc.) to study their influence on achieving co-residence. The results show that all three PaaS clouds are vulnerable to the co-residence threat and that the application type plays an important role in achieving co-residence on container-based PaaS clouds. Finally, we present an efficient launch strategy to achieve co-residence with the victim on public PaaS clouds.