DoS attacks on your memory in the cloud

Tianwei Zhang, Yinqian Zhang, Ruby B. Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

42 Scopus citations

Abstract

In cloud computing, network Denial of Service (DoS) at- tacks are well studied and defenses have been implemented, but severe DoS attacks on a victim's working memory by a single hostile VM are not well understood. Memory DoS attacks are Denial of Service (or Degradation of Service) at- tacks caused by contention for hardware memory resources on a cloud server. Despite the strong memory isolation tech- niques for virtual machines (VMs) enforced by the software virtualization layer in cloud servers, the underlying hard- ware memory layers are still shared by the VMs and can be exploited by a clever attacker in a hostile VM co-located on the same server as the victim VM, denying the victim the working memory he needs. We first show quantitatively the severity of contention on different memory resources. We then show that a malicious cloud customer can mount low- cost attacks to cause severe performance degradation for a Hadoop distributed application, and 38× delay in response time for an E-commerce website in the Amazon EC2 cloud. Then, we design an effective, new defense against these memory DoS attacks, using a statistical metric to detect their existence and execution throttling to mitigate the at- tack damage. We achieve this by a novel re-purposing of existing hardware performance counters and duty cycle mod- ulation for security, rather than for improving performance or power consumption. We implement a full prototype on the OpenStack cloud system. Our evaluations show that this defense system can effectively defeat memory DoS attacks with negligible performance overhead.

Original languageEnglish (US)
Title of host publicationASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Pages253-265
Number of pages13
ISBN (Electronic)9781450349444
DOIs
StatePublished - Apr 2 2017
Event2017 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2017 - Abu Dhabi, United Arab Emirates
Duration: Apr 2 2017Apr 6 2017

Publication series

NameASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security

Other

Other2017 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2017
Country/TerritoryUnited Arab Emirates
CityAbu Dhabi
Period4/2/174/6/17

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Information Systems
  • Computer Networks and Communications
  • Software

Fingerprint

Dive into the research topics of 'DoS attacks on your memory in the cloud'. Together they form a unique fingerprint.

Cite this