Leveraging Network Flow Watermarking for Co-residency Detection in the Cloud

Project Details

Project Lead
Masoud Valafar 
Project Manager
Masoud Valafar 
Supporting Experts
Univeristy of Oregon, Computer and Information Science  
Computer Science (401) 
11.07 Computer Science 


Third party cloud computing allows for organizations to outsource their computation.Leveraging economies of scale, cloud providers are able to instantiate virtual machines (VMs) of various capacities such that clients pay only for the computing power that they need. Although virtualization is the cornerstone of the developing compute cloud industry, it also presents a variety of security challenges. Chief among these is the issue of co-residency; sensitive data for one customer shares physical resources with instances of other, potentially malicious, customers. Various methods of detecting and exploiting co-residency have been discovered, often involving the abuse of imperfect virtualization. In this project, we study vulnerabilities of virtualization in separating resources allocated to different instances. Specifically, we focus on the network interface card and investigate how network flows affect each others. Furthermore, we analyze our techniques in mitigating this affect and improving resource isolation in cloud instances. Our methodology will not compromise the privacy or usability of other users in any way. We are concerned exclusively with the two instances that we hope to launch on your service.

Intellectual Merit

Our work is primarily based on the nature of virtualization middleware. Most virtualization systems rely on the use of a hypervisor to mediate and virtualize access to underlying physical resources. Our investigation of virtual network modules requires that we conduct an evaluation of a variety of hypervisors under different network conditions. Another related area is network flow watermarking. Watermarking injects intentional and meaningful packet delay into a target network flow. The intent is for this pattern of delay to persist through a network route. Later in the path, the watermark can be read in order to compromise a user's anonymity. Demonstrations of network flow watermarking have been able to detect stepping stone (relay) attacks as well as break anonymity services such as Tor. We are investigating the extent to which watermarking is possible from the position of a co-resident virtual machine.

Broader Impacts

A new form of industry, cloud computing, rests entirely on the trust that physical resources can be safely multiplexed and shared between unknown and untrusted parties. Previous work has demonstrated that this trust is occasionally misplaced. The continued viability of this business model requires a thorough vulnerability analysis that includes the investigation of side channels and the possible reduction of attack surface. For our work in particular, we intend to challenge the assumption that "terrestrial" computing hardware can be used to create a secure cloud infrastructure. In doing so we hope to promote the use of virtualization-aware devices and create a safer and more secure cloud computing model.

Scale of Use

A few VMs for an experiment.