Cross-Tenant Side-Channel Attacks in PaaS Clouds
作者: Yinqian Zhang , Ari Juels , Michael K. Reiter , Thomas Ristenpart
关键词:
摘要: We present a new attack framework for conducting cache-based side-channel attacks and demonstrate this in between tenants on commercial Platform-as-a-Service (PaaS) clouds. Our uses the FLUSH-RELOAD of Gullasch et al. as primitive, extends work by leveraging it within an automaton-driven strategy tracing victim's execution. leverage our first to confirm co-location then extract secrets across tenant boundaries. specifically collect potentially sensitive application data (e.g., number items shopping cart), hijack user accounts, break SAML single sign-on. To best knowledge, are granular, cross-tenant, successfully demonstrated state-of-the-art clouds, PaaS or otherwise.
core.ac.uk
acm.org 
arijuels.com 参考文章(31)
William J. Bolosky, Michael L. Scott, False sharing and its effect on shared memory performance Sedms'93 USENIX Systems on USENIX Experiences with Distributed and Multiprocessor Systems - Volume 4. pp. 3- 3 ,(1993)
Aggelos Kiayias, George Argyros, I forgot your password: randomness attacks against PHP applications usenix security symposium. pp. 6- 6 ,(2012)
Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, Berk Sunar, Wait a Minute! A fast, Cross-VM Attack on AES recent advances in intrusion detection. pp. 299- 319 ,(2014) , 10.1007/978-3-319-11379-1_15
Tibor Jager, Sebastian Schinzel, Juraj Somorovsky, Bleichenbacher’s Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption Computer Security – ESORICS 2012. pp. 752- 769 ,(2012) , 10.1007/978-3-642-33167-1_43
Yuval Yarom, Katrina Falkner, None, FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack usenix security symposium. pp. 719- 732 ,(2014)
Dag Arne Osvik, Adi Shamir, Eran Tromer, Cache attacks and countermeasures: the case of AES the cryptographers track at the rsa conference. pp. 1- 20 ,(2006) , 10.1007/11605805_1
Laurent Mauborgne, Jan Reineke, Boris Köpf, Dominik Feld, Goran Doychev, CacheAudit: a tool for the static analysis of cache side channels usenix security symposium. pp. 431- 446 ,(2013)
Michael Neve, Jean-Pierre Seifert, Advances on access-driven cache attacks on AES international conference on selected areas in cryptography. pp. 147- 162 ,(2006) , 10.1007/978-3-540-74462-7_11
Romain Bardou, Riccardo Focardi, Yusuke Kawamoto, Lorenzo Simionato, Graham Steel, Joe-Kai Tsay, Efficient Padding Oracle Attacks on Cryptographic Hardware international cryptology conference. ,vol. 2012, pp. 608- 625 ,(2012) , 10.1007/978-3-642-32009-5_36
David Molnar, Matt Piotrowski, David Schultz, David Wagner, The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks Information Security and Cryptology - ICISC 2005. pp. 156- 168 ,(2006) , 10.1007/11734727_14