Wednesday, February 16, 2011

Notes on Exploring Information Leakage in Third-Party Compute Clouds

Here is a link.

Risks:
1. Customers must trust their cloud providers to respect the privacy of their data and the integrity of their computations.
2. Cloud infrastructures can also introduce non-obvious threats from other customers due to the subtleties of how physical resources can be transparently shared between virtual machines.

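For 1, there is no solution. This is a matter of trust. If the trust problem is not resolved, nothing else is worth discussing.
For 2, an attack requires two main steps: placement and extraction.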
Placement refers to the adversary arranging to place their malicious VM on the same physical machine as that of a target customer.

Extraction refers to extracting confidential information via a cross-VM attack.

Questions to consider:
1. Can one determine where in the cloud infrastructure an instance is located?
2. Can one easily determine if two instances are co-resident on the same physical machine?
3. Can an adversary launch instances that will be co-resident with other user’s instances?
4. Can an adversary exploit cross-VM information leakage once co-resident?
Conclusions:
1. Cloud providers may obfuscate both the internal structure of their services and the placement policy to complicate an adversary’s attempts to place a VM on the same physical machine as its target.
2. One may focus on the side-channel vulnerabilities themselves and employ blinding techniques to minimize the information that can be leaked.

3. RightGrid architecture: RightGrid.
