StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...

Exploring Information Leakage in Third-Party Compute Clouds - Essay Example

Cite this document
Summary
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds In the article, Hey, You, Get Off of My Cloud, written by Thomas Ristenpart, Eran Tromer, Hovav Shacham and Stefan Savage, the risk of information leakage in the Compute Clouds were discussed; case studying Amazon’s EC2 services…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.4% of users find it useful
Exploring Information Leakage in Third-Party Compute Clouds
Read Text Preview

Extract of sample "Exploring Information Leakage in Third-Party Compute Clouds"

Download file to see previous pages

In the article, using EC2 service, a ‘map’ was created to understand the potential targets that may be located inside the cloud and also for instance creation parameters, which is needed to establish the co-residence of an adversarial instance. Creation of this type of Map can provide opportunities for the adversaries to place malicious VM on the same physical machine as a target. The authors provide extensive details on how to map the Cloud. According to them, the availability zones in the Cloud are likely to correspond to different internal IP address ranges, which also may be true for instance types as well.

Thus, when the adversary maps the use of the EC2 internal address space, it can help them to find out which “IP addresses corresponds to which creation parameters.” (Ristenpart et al.). In addition, EC2’s DNS service has the provision to map public IP address to private IP address. The map thus generated can be used by the adversary to deduce the instance type and availability zones of a target service, which sizably reduces the number of instances that needs to be tried, before a co-resident placement is successfully achieved.

The authors evaluate the above discussed two vulnerable sections by using two data sets. The first data set is the one which is created by categorizing the public EC2-based web servers using external probes like WHOIS queries, and then translating the responsive public IPs to internal IPs. The second set is created by initiating a number of EC2 instances of varying types, and then surveying the resulting IP address assigned. (Ristenpart et al.). To fully utilize this data, the authors presented a heuristic algorithm, which has the ability to label /24 prefixes with an estimate of the availability zone.

Thus, by using these options, a map of internal EC2 address space is outputted, which can allow adversaries to estimate the availability zone and instance type of any target. With outputted map, the adversary can attempt to achieve placement on the same physical machine, and so in the next section of the article, the authors discuss about the several co-residence checks. According to the authors, instances are said to be co-resident, if they have matching “Dom0 IP address, small packet round-trip times, or even numerically close internal IP addresses.

” (Ristenpart et al.). After providing this crucial piece of information, the authors focus on how adversaries can achieve co-residence in the same physical machine using the outputted map, by following two strategies, the brute-force strategy and the refined strategy. Under brute-force strategy, the attacker has to simply launch many instances over a relatively long period of time. In the case of refined strategy, the attacker has to target the recently-launched instances, as the Third Party providers particularly EC2 assign fresh instances to mainly the same small set of machines.

According to the authors, the later strategy has high chances of achieving co-residence, and they provide how this strategy “achieves co-residence with a specific (m1.small) instance almost half the time.” (Ristenpart et

...Download file to see next pages Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Exploring Information Leakage in Third-Party Compute Clouds Essay”, n.d.)
Retrieved de https://studentshare.org/information-technology/1437080-hey-you-get-off-of-my-cloud-exploring-information
(Exploring Information Leakage in Third-Party Compute Clouds Essay)
https://studentshare.org/information-technology/1437080-hey-you-get-off-of-my-cloud-exploring-information.
“Exploring Information Leakage in Third-Party Compute Clouds Essay”, n.d. https://studentshare.org/information-technology/1437080-hey-you-get-off-of-my-cloud-exploring-information.
  • Cited: 0 times

CHECK THESE SAMPLES OF Exploring Information Leakage in Third-Party Compute Clouds

Cloud Computing: Security Issues and Solutions

This article "Cloud Computing: Security Issues and Solutions" discusses the developments in the area of information technology that have offered wonderful opportunities to business organizations.... hellip; The up to date tools and technologies provided by the information technology helped businesses to computerize and organize their business operations and consequently improve their business performance.... So the secret data and information of an organization are stored on the servers of that third party....
13 Pages (3250 words) Article

An Important Indicator of the Role of International Tourism

Tourism and recreation sanctioned and advised by the United Nations, World Tourism Organization, World Travel and Tourism Council, and etcetera, is a necessary goal to accomplish in the furthering of the world's economic development.... While the cause and effect are both noble, it is easier said that done. … "The World Travel & Tourism Council (WTTC) today revealed its Blueprint for New Tourism, which issues a call to action for both government and the industry to make several long-term commitments to ensure the prosperity of Travel & Tourism - one of the world's largest industries, responsible for 200 million jobs and over 10% of global GDP" (Tarsh 2003). The relevance of this Blueprint for New Tourism is very significant in the struggle to boost tourism and recreation, which in effect boosts the jobs and economies of many nations across the globe....
10 Pages (2500 words) Essay

Logistics Management: Smart Car

This case study deals with the revolutionary supply chain concept of the SMART car, which made people sit up and take notice not just because of its size and features, but because it was a trendsetter in its production plant setup and manufacturing characteristics.... hellip; As the paper declares, originally the brainchild of Nicolas Hayek, the creator of Swatch, the Swiss watch manufacturer, and Mercedes-Benz, the idea was to produce a small car that was as ecologically sound as possible....
19 Pages (4750 words) Essay

Cloud Storage as a Means for the US Government to Store Data under Various Security Designations

Ergo the state needs to overhaul its information security infrastructure.... Assets of valueThere are various designations for information security in the United States under which different Assets of value in document and media content are filed so as to differentiate them based on the level of security-related information they contain.... One common designation is the Sensitive But Unclassified (SBU), this is a broad category that compromises of information with sub designations such as For official use only (FOUO) or Law enforcement Sensitive as and homeland security data among In addition the SBU also covers IRS inflation such as enforcement procedures, individual Tax records others (U....
14 Pages (3500 words) Case Study

The Role of Internet-Enabled Platforms for Entrepreneurial Firms

The essay "The Role of Internet-Enabled Platforms for Entrepreneurial Firms" highlights the implications of using internet-based services as well as other technological means for managing information resources in the business.... In the words of Mitchell et al rapid development in information and communications technology has brought upon the transformation of the business firms.... The paper highlights the implications of using internet-based services as well as other technological means for managing information resources in the business....
10 Pages (2500 words) Essay

Internet Security - Privacy in Context

hellip; The advance of innovations in telecommunication has resulted to increase in sharing of information via the internet (Nunziato, 2009).... This exchange of information involves clients, internet providers, and website owners at different levels.... he advance of innovations in telecommunication has resulted to increase in sharing of information via the internet (Nunziato, 2009).... This exchange of information involves clients, internet providers, and website owners at different levels....
11 Pages (2750 words) Essay

The Companys Vulnerability of Information Leakages in BioMed Devices

… The paper "The Company's Vulnerability of information Leakages in BioMed Devices" is a worthy example of a case study on information technology.... nbsp;It has come to attention that BioMed Company is under threat of information insecurity.... This is after some rumors about the information that leaked out from the company about BioMed Devices' electronic implantable communications new product design.... The paper "The Company's Vulnerability of information Leakages in BioMed Devices" is a worthy example of a case study on information technology....
12 Pages (3000 words) Case Study

The InnoSensors Technology Company

… The paper "information Security: InnoSensors Technology Company" is a worthy example of a case study on information technology.... nbsp;This research is about information security and specifically narrows down to the InnoSensors technology company that is about to launch a new health monitoring device and the aim of the research is to develop a security mechanism that is appropriate for the company.... The paper "information Security: InnoSensors Technology Company" is a worthy example of a case study on information technology....
12 Pages (3000 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us