Cloudoscopy: Services Discovery and Topology Mapping

A. Herzberg, H. Shulman, J. Ullrich, E. Weippl:
"Cloudoscopy: Services Discovery and Topology Mapping";
Talk: cloud computing security workshop CCSW 2013, Berlin; 08.11.2013; in: "Fifth ACM cloud computing security workshop (CCSW 2013)", 1 (2013), ISBN: 978-1-4503-2477-9; pp. 113 - 122.


Abstract:


We define and study cloudoscopy, i.e., exposing sensitive
information about the location of (victim) cloud services
and/or about the internal organisation of the cloud network,
in spite of location-hiding efforts by cloud providers.
A typical cloudoscopy attack is composed of a number of
steps: first expose the internal IP address of a victim instance,
then measure its hop-count distance from adversarial
cloud instances, and finally test to find a specific instance
which is close enough to the victim (e.g., co-resident) to allow
(denial of service or side-channel) attacks. We refer to
the three steps/modules involved in such cloudoscopy attack
by the terms IP address deanonymisation, hop-count
measuring, and co-residence testing.
We present specific methods for these three cloudoscopy
modules, and report on results of our experimental validation
on popular cloud platform providers. Our techniques
can be used for attacking (victim) servers, as well as for
benign goals, e.g., optimisation of instances placement and
communication, or comparing clouds and validating cloud-provider
placement guarantees.