Elastic SIEM to detect
side-channel attacks in
Cloud Infrastructures
Pasquale Puzio
SecludIT & EURECOM
pasquale@secludit.com
Joint work with:
Refik Molva (EURECOM)
Sergio Loureiro (SecludIT)
University of Regensburg, Germany
September 4th
Agenda
• Cloud Computing and new security challenges
• Elasticity and Elastic Detector
• Multi-tenancy and side-channel attacks
• Co-residency checks
• Solution to detect side-channel attacks
• DEMO
Cloud Computing
• Not just virtualization
• On-demand provisioning
• Pay-per-use
• Elasticity & multi-tenancy
• Infrastructure as a Service (IaaS): virtual machines & storage
• Platform as a Service (PaaS): IaaS + development environment
• Software as a Service (SaaS): on-demand software
IaaS: Infrastructure as a Service
• Users manage their own infrastructure through a web browser or an API
• IaaS cloud providers supply resources from large data centers
• Virtual machines, storage, firewalls, load balancers, IP addresses, VLANs, software bundles, etc.
• Users install operating-system images on the cloud infrastructure
New advantage of IaaS: Elasticity
Solution to Elasticity: Elastic Detector
• Security must be global, automatic and constant: ELASTIC
• Continuous analysis at every level: firewalls, servers, applications and data
• Periodic analysis of servers by cloning them and analyzing the isolated clones, so the production instances are never touched
• EVA: Elastic Vulnerability Assessment
New security challenge of IaaS: Multi-tenancy
[Figure: a cloud provider hosts the virtual machines of Tenant 1, Tenant 2 and Tenant 3 on the same shared physical hosts]
Side-Channel Attacks in IaaS
• An attacker takes advantage of a physical component shared with the victim (e.g. the processor cache) in order to steal information from the victim
• Any co-resident user can perpetrate a side-channel attack
• Hypervisors enforce logical isolation, but logical isolation alone is not sufficient: the hardware is still shared
[Figure: the attacker's virtual machine and the victim's virtual machine run on the same physical host at the cloud provider]
Access-driven Side-channel Attacks
• A co-resident attacker observes the activity of the shared processor cache to steal an ElGamal decryption key from a victim that uses the libgcrypt library.
• How it works (Prime+Probe):
– PRIME: fill the processor cache with the attacker's own data;
– IDLE: wait for a pseudo-random interval. During this interval the victim is expected to run and to evict some of the attacker's cache lines;
– PROBE: resume execution and re-read (refill) the cache. Lines evicted by the victim take longer to load, so the access delay reveals which cache sets the victim used.
• The measurements are classified into the victim's basic operations (e.g. square, multiply and modular reduction in the exponentiation), from which bits of the private key are inferred.
• Noise leaves the attacker with a relatively small set of candidate keys, which can then be searched by brute force.
Yinqian Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. 2012. Cross-VM side channels and their use to extract private keys. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS '12). ACM, New York, NY, USA, 305-316. DOI: 10.1145/2382196.2382230, http://doi.acm.org/10.1145/2382196.2382230
[Figure: timeline of the attack on a shared host. Attacker: (1) fill the cache, (2) wait; victim: (3) execute; attacker: (4) refill the cache and measure the delays]
Our Work: Side-channel Attack Detection
• We developed a Python script which uses the AWS APIs to launch and terminate a set of virtual machines in a given region
• This is exactly what an attacker does in the placement phase: launch a batch of instances hoping that some land on the victim's host, check co-residency, and terminate the ones that are of no use
• We detect the attack at the placement stage, before the side channel itself is exploited: best for security
Attack steps: Placement -> Co-residency check -> Side-channel attack
Detection steps: Log collection -> Correlation
Co-residency Check on Amazon EC2
3 simple checks to determine whether two instances share a physical host:
• matching Dom0 IP address (the Xen management domain of the host)
• small packet round-trip times
• numerically close internal IP addresses (e.g. within 7)
The Dom0 IP co-residency check has an effective false positive rate of zero; the other two are cheap hints that only suggest co-residency.
The attacker learns the victim's Dom0 IP with a TCP SYN traceroute to the victim's instance.
Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. 2009. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09). ACM, New York, NY, USA, 199-212. DOI: 10.1145/1653662.1653687, http://doi.acm.org/10.1145/1653662.1653687
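The three checks above, composed the way an attacker (or a defender reproducing the attacker's step) would run them: the cheap RTT and IP-distance hints select candidate targets, and the Dom0 IP match confirms. This is an added example in Python, not code from the talk or from SecludIT. It models the Dom0 address as the first hop of a traceroute from the attacker's own instance and as the hop just before the target in a TCP SYN traceroute to the target; all hop lists, addresses and RTTs are constructed, and the sub-millisecond RTT threshold is an assumption (the "within 7" distance comes from the slide).

```python
"""Co-residency checks on EC2 in the style of Ristenpart et al. (CCS '09).

Added example, not code from the talk. Hop lists, addresses and RTTs are
constructed; RTT_THRESHOLD_MS is an assumption, IP_DISTANCE_MAX is the
"within 7" figure from the slide.
"""
import ipaddress

IP_DISTANCE_MAX = 7      # numerically close internal IPs, e.g. within 7
RTT_THRESHOLD_MS = 1.0   # assumption: sub-millisecond RTT hints at a shared host


def ip_distance(a, b):
    """Numeric distance between two IPv4 addresses (10.1.2.40 vs 10.1.2.44 -> 4)."""
    return abs(int(ipaddress.IPv4Address(a)) - int(ipaddress.IPv4Address(b)))


def cheap_checks(own_ip, target):
    """The two hints that need no traceroute: small RTT and a nearby internal IP."""
    return (target["rtt_ms"] < RTT_THRESHOLD_MS
            and ip_distance(own_ip, target["ip"]) <= IP_DISTANCE_MAX)


def own_dom0(own_traceroute):
    """The first hop of any traceroute from the attacker's instance is its Dom0."""
    if not own_traceroute:
        raise ValueError("empty traceroute")
    return own_traceroute[0]


def target_dom0(target_traceroute):
    """In a TCP SYN traceroute to the target, the hop before the target is its Dom0."""
    if len(target_traceroute) < 2:
        raise ValueError("need at least the Dom0 hop and the target hop")
    return target_traceroute[-2]


def find_co_residents(own_ip, own_traceroute, targets):
    """Filter targets with the cheap hints, then confirm with the Dom0 IP match,
    the check the paper reports to have an effective false-positive rate of zero."""
    mine = own_dom0(own_traceroute)
    confirmed = []
    for t in targets:
        if not cheap_checks(own_ip, t):
            continue                        # not worth a traceroute
        if target_dom0(t["hops"]) == mine:
            confirmed.append(t["ip"])
    return confirmed


# Constructed measurements taken from the attacker's instance 10.1.2.40.
OWN_IP = "10.1.2.40"
OWN_TRACEROUTE = ["10.1.2.1", "10.1.0.1", "203.0.113.10"]   # first hop = own Dom0
TARGETS = [
    # same Dom0 as ours: truly co-resident
    {"ip": "10.1.2.44", "rtt_ms": 0.3, "hops": ["10.1.2.1", "10.1.2.44"]},
    # close IP and low RTT, but a different Dom0: the cheap hints alone would be wrong
    {"ip": "10.1.2.45", "rtt_ms": 0.4, "hops": ["10.1.2.1", "10.1.2.3", "10.1.2.45"]},
    # far away in the address space and slow: filtered before any traceroute
    {"ip": "10.1.9.200", "rtt_ms": 2.1, "hops": ["10.1.2.1", "10.1.9.1", "10.1.9.200"]},
]

if __name__ == "__main__":
    print(find_co_residents(OWN_IP, OWN_TRACEROUTE, TARGETS))
```

The second target shows why the slide singles out the Dom0 check: a neighbour in the address space with a fast RTT can still sit on another host, so the cheap hints are only used to decide where to spend traceroutes.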
Solution Architecture
OSSIM
• Open source SIEM by AlienVault
• Provides event collection, normalization and correlation
• Widely adopted (more than 195,000 users in 175 countries)
• Easily extendable with custom plugins
Integration between Elastic Detector and OSSIM
[Figure: Elastic Detector watches the attacker's VMs, the victim's VM and the other users' VMs at the cloud provider and forwards "Instance created" ... "Instance terminated" events to OSSIM]
Our Work: Plugin for Parsing Remote Logs
• Nagios logs forwarded to OSSIM have to be parsed and converted into OSSIM events
• Logs are filtered by defining one regular expression per event type; named groups extract the fields that become event properties
LOG:
Aug 19 15:51:32 debian-secludit nagios3: SERVICE NOTIFICATION: event@551;72-us-east-1;722;notify-service-by-cloutomate;Found new Instance: i-f0ad689c
REGULAR EXPRESSION:
^(?P<date>\w{3}\s\d{1,2}\s\d\d:\d\d:\d\d)\sdebian-secludit\snagios3:\sSERVICE\sNOTIFICATION:\sevent@\d{3};(?P<account>\d{2,3})-(?P<region>\w{2}-\w{4,9}-\d);\d{3};notify-service-by-cloutomate;Found\snew\sInstance:\s(?P<instanceid>i-[a-z0-9]{8})$
Extracted fields: account (72), region (us-east-1), instance id (i-f0ad689c)
Our Work: Side-channel Attack Detection
• Logs have been delivered to OSSIM and converted to events
• We now define a correlation rule (an OSSIM directive) to detect the side-channel attack: a burst of instances created by the same account in the same region and terminated again shortly afterwards
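The parsing regex from the plugin slide and the correlation rule described here, run over constructed log lines. This is an added example in Python, not the OSSIM plugin or directive from the talk. It assumes that the "Instance terminated" notification mirrors the "Found new Instance" one (only the latter appears in the slides), that syslog timestamps belong to a fixed year, and that the thresholds (at least 5 launches within 60 s, all terminated within 10 min) are illustrative; the sample lines are constructed to reproduce the demo scenario of 10 short-lived t1.micro instances next to a tenant that behaves normally.

```python
"""Parse Nagios notifications forwarded to the SIEM and correlate bursts of
short-lived instances, the footprint of an attacker's placement phase.

Added example; not the OSSIM plugin or correlation directive from the talk.
Assumptions: the 'Instance terminated' message mirrors the 'Found new Instance'
one, syslog timestamps belong to SYSLOG_YEAR, and the thresholds below are
illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime

SYSLOG_YEAR = 2013  # assumption: syslog timestamps carry no year

# The regex from the slides, with the action captured so one pattern handles
# both the creation message and the (assumed) termination message.
LINE_RE = re.compile(
    r"^(?P<date>\w{3}\s\d{1,2}\s\d\d:\d\d:\d\d)\sdebian-secludit\snagios3:\s"
    r"SERVICE\sNOTIFICATION:\sevent@\d{3};(?P<account>\d{2,3})-(?P<region>\w{2}-\w{4,9}-\d);"
    r"\d{3};notify-service-by-cloutomate;"
    r"(?P<action>Found\snew\sInstance|Instance\sterminated):\s(?P<instanceid>i-[a-z0-9]{8})$"
)


def parse_event(line):
    """Turn one Nagios log line into a normalized event, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['date']}", "%Y %b %d %H:%M:%S")
    action = "created" if m["action"].startswith("Found") else "terminated"
    return {"ts": ts, "account": m["account"], "region": m["region"],
            "instance": m["instanceid"], "action": action}


def bursts(created, window_s):
    """Group launches so that every launch in a group is within window_s of its first."""
    groups, current = [], []
    for e in created:
        if current and (e["ts"] - current[0]["ts"]).total_seconds() > window_s:
            groups.append(current)
            current = []
        current.append(e)
    if current:
        groups.append(current)
    return groups


def correlate(lines, min_launches=5, launch_window_s=60, teardown_window_s=600):
    """Alert when one account launches >= min_launches instances in one region within
    launch_window_s and every one of them is terminated within teardown_window_s."""
    by_tenant = defaultdict(list)
    for e in filter(None, map(parse_event, lines)):
        by_tenant[(e["account"], e["region"])].append(e)

    alerts = []
    for (account, region), evs in sorted(by_tenant.items()):
        created = sorted((e for e in evs if e["action"] == "created"), key=lambda e: e["ts"])
        ended = {e["instance"]: e["ts"] for e in evs if e["action"] == "terminated"}
        for burst in bursts(created, launch_window_s):
            if len(burst) < min_launches:
                continue
            lifetimes = [(ended[e["instance"]] - e["ts"]).total_seconds()
                         for e in burst if e["instance"] in ended]
            # every launch in the burst must have been torn down quickly
            if len(lifetimes) == len(burst) and all(0 <= t <= teardown_window_s for t in lifetimes):
                alerts.append({"account": account, "region": region,
                               "first_launch": burst[0]["ts"].isoformat(),
                               "max_lifetime_s": max(lifetimes),
                               "instances": [e["instance"] for e in burst]})
    return alerts


def _nagios(ts, account, region, msg, iid):
    """Build a constructed log line in the format shown on the slide."""
    return (f"{ts} debian-secludit nagios3: SERVICE NOTIFICATION: event@551;"
            f"{account}-{region};722;notify-service-by-cloutomate;{msg}: {iid}")


# Constructed sample: account 72 launches 10 instances in 9 s and tears them all
# down about 5 minutes later; account 105 starts two long-lived servers an hour apart.
SAMPLE_LOGS = (
    [_nagios(f"Aug 19 15:51:{32 + k}", 72, "us-east-1", "Found new Instance", f"i-f0ad68{k:02d}")
     for k in range(10)]
    + [_nagios(f"Aug 19 15:56:{40 + k}", 72, "us-east-1", "Instance terminated", f"i-f0ad68{k:02d}")
       for k in range(10)]
    + [_nagios("Aug 19 14:10:05", 105, "eu-west-1", "Found new Instance", "i-0a1b2c3d"),
       _nagios("Aug 19 15:10:07", 105, "eu-west-1", "Found new Instance", "i-0a1b2c4e"),
       "Aug 19 15:52:00 debian-secludit nagios3: SERVICE ALERT: unrelated notification"]
)

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

The rule keys on (account, region) because that is what the log line carries; tuning comes down to the three thresholds, and an account that legitimately autoscales will look exactly like this, so the alert is a trigger for the co-residency and log review that follows, not proof of an attack.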
Our Work: Results
DEMO
• 10 t1.micro virtual machines on Amazon EC2
• The virtual machines are launched within a very short time, as an attacker seeking placement next to a victim would do
• All virtual machines are terminated after 5 minutes (after the co-residency check)
Enjoy!
About SecludIT
• Founded by security experts together with EURECOM, a French research institute in telecom and network security, SecludIT has developed Elastic Security, a set of products and services specifically designed to help cloud infrastructure providers and users migrate safely to the cloud.
• SecludIT is a recognized industry player, one of the founders and an active member of the Cloud Security Alliance, and co-author of the CSA Security Guidance V2.1 (https://cloudsecurityalliance.org/research/security-guidance/#_v2). SecludIT is a technology partner of Amazon Web Services, HP Cloud, VMware and Eucalyptus.
• Website: http://www.secludit.com
• Blog: http://www.elastic-security.com
THANK YOU
Questions?
OSSIM: Correlation directives

[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Último (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

How to detect side channel attacks in cloud infrastructures

  • 1. Elastic SIEM to detect side-channel attacks in Cloud Infrastructures
    Pasquale Puzio, SecludIT & EURECOM, pasquale@secludit.com
    Joint work with: Refik Molva (EURECOM), Sergio Loureiro (SecludIT)
    University of Regensburg, Germany, September 4th
  • 2. Agenda
    – Cloud Computing and new security challenges
    – Elasticity and Elastic Detector
    – Multi-tenancy and side-channel attacks
    – Co-residency checks
    – Solution to detect side-channel attacks
    – DEMO
  • 3. Cloud Computing
    – Not just virtualization
    – On-demand provisioning
    – Pay-per-use
    – Elasticity & Multi-tenancy
    – Infrastructure as a Service (IaaS): virtual machines & storage
    – Platform as a Service (PaaS): IaaS + dev environment
    – Software as a Service (SaaS): on-demand software
  • 4. IaaS: Infrastructure as a Service
    – Users manage their own infrastructure through a web browser or API
    – IaaS cloud providers supply resources from large data centers
    – Virtual machines, storage, firewalls, load balancers, IP addresses, VLANs, software bundles, etc.
    – Users install operating-system images on the cloud infrastructure
  • 5. New advantage of IaaS: Elasticity
    [Figure only]
  • 6. Solution to Elasticity: Elastic Detector
    – Security must be global, automatic and constant: ELASTIC
    – Continuous analysis at every level: firewalls, servers, applications and data
    – Periodic analysis of servers by isolating and analyzing clones
    – EVA: Elastic Vulnerability Assessment
  • 7. [Figure only]
  • 8. New security challenge of IaaS: Multi-tenancy
    [Figure: virtual machines of TENANT 1, TENANT 2 and TENANT 3 hosted side by side at the CLOUD PROVIDER]
  • 9. Side-Channel Attacks in IaaS
    – An attacker takes advantage of a shared physical component in order to steal information from the victim
    – Any co-resident user can perpetrate a side-channel attack
    – Hypervisors enforce logical isolation, but it is not sufficient
    [Figure: VICTIM and ATTACKER virtual machines co-resident at the CLOUD PROVIDER]
  • 10. Access-driven Side-channel Attacks
    – The co-resident attacker observes the activity of the processor cache to steal an ElGamal decryption key from a victim using the libgcrypt library.
    – How it works:
      · PRIME: fill the processor cache;
      · IDLE: wait for a pseudo-random interval. During this interval the victim is supposed to access the cache and change the content of some blocks;
      · PROBE: resume the execution and refill the cache. Measure the delay to learn the activity of the victim.
    – Measurements will be analyzed to infer the encryption key.
    – Measurements are converted to basic operations.
    – The attacker obtains a relatively small set of encryption keys which can be used to perform a brute-force attack.
    Reference: Yinqian Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. 2012. Cross-VM side channels and their use to extract private keys. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS '12). ACM, New York, NY, USA, 305-316. DOI=10.1145/2382196.2382230 http://doi.acm.org/10.1145/2382196.2382230
  • 11. Access-driven Side-channel Attacks
    [Figure: ATTACKER and VICTIM virtual machines at the CLOUD PROVIDER; attacker steps 1 FILL, 2 WAIT and 4 REFILL interleaved with the victim's step 3 EXECUTE]
  • 12. Our Work: Side-channel Attack Detection
    – We developed a Python script which uses AWS APIs in order to launch and terminate a set of virtual machines in a given region
    – This is exactly what an attacker would do
    – We detect the attack before it is performed: best for security
    [Figure: pipeline diagram with the stages Placement, Co-residency check, Side-channel attack, Log collection, Correlation]
  • 13. Our Work: Side-channel Attack Detection
    [Figure: the same pipeline diagram: Placement, Co-residency check, Side-channel attack, Log collection, Correlation]
  • 14. Co-residency Check on Amazon EC2
    3 simple checks to determine co-residency:
    – matching Dom0 IP address
    – small packet round-trip times
    – numerically close internal IP addresses (e.g. within 7).
    The Dom0 IP co-residency check has an effective false positive rate of zero. TCP SYN traceroute to determine victim's Dom0 IP.
    Reference: Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. 2009. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09). ACM, New York, NY, USA, 199-212. DOI=10.1145/1653662.1653687 http://doi.acm.org/10.1145/1653662.1653687
  • 15. Co-residency Check on Amazon EC2
    [Figure only]
  • 17. OSSIM
    – Open source tool for SIEM by AlienVault
    – OSSIM provides several features such as event collection, normalization, and correlation.
    – Widely adopted (more than 195,000 users in 175 countries)
    – Easily expandable with custom plugins
  • 18. Integration between Elastic Detector and OSSIM
    [Figure: at the CLOUD PROVIDER, the ATTACKER'S VMs, the VICTIM'S VM and other USERS' VMs; the events listed are "Instance created … Instance terminated"]
  • 19. Our Work: Side-channel Attack Detection
    [Figure: the same pipeline diagram: Placement, Co-residency check, Side-channel attack, Log collection, Correlation]
  • 20. Our Work: Side-channel Attack Detection
    [Figure: the same pipeline diagram: Placement, Co-residency check, Side-channel attack, Log collection, Correlation]
  • 21. Our Work: Plugin for Parsing Remote Logs
    – Nagios logs forwarded to OSSIM need to be parsed and converted to events
    – Logs are filtered by defining a regular expression for each event
    LOG:
    Aug 19 15:51:32 debian-secludit nagios3: SERVICE NOTIFICATION: event@551;72-us-east-1;722;notify-service-by-cloutomate;Found new Instance: i-f0ad689c
    REGULAR EXPRESSION:
    ^(?P<date>\w{3}\s\d{1,2}\s\d\d:\d\d:\d\d)\sdebian-secludit\snagios3:\sSERVICE\sNOTIFICATION:\sevent@\d{3};(?P<account>\d{2,3})-(?P<region>\w{2}-\w{4,9}-\d);\d{3};notify-service-by-cloutomate;Found\snew\sInstance:\s(?P<instanceid>i-[a-z,0-9]{8})$
    Captured fields: account, region, instance id
  • 22. Our Work: Side-channel Attack Detection
    [Figure: the same pipeline diagram: Placement, Co-residency check, Side-channel attack, Log collection, Correlation]
  • 23. Our Work: Side-channel Attack Detection
    – Logs have been delivered to OSSIM and converted to events
    – We now have to define a correlation rule to detect the side-channel attack
  • 25. DEMO
    – 10 t1.micro virtual machines on Amazon EC2
    – Virtual machines are launched in a very short time
    – All virtual machines are terminated after 5 minutes (after the co-residency check)
  • 27. About SecludIT
    – Founded by security experts together with EURECOM, a French research institute in telecom and network security, SecludIT has developed Elastic Security, a set of products and services specifically designed to help cloud infrastructure providers and users to safely migrate to the cloud.
    – SecludIT has become a recognized industry player, one of the Cloud Security Alliance founders and an active member, and co-author of the security best practices V2.1 https://cloudsecurityalliance.org/research/security-guidance/#_v2. SecludIT is a technology partner of Amazon Web Services, HP Cloud, VMware and Eucalyptus.
    – Website: http://www.secludit.com
    – Blog: http://www.elastic-security.com
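As an added example (not the talk's own OSSIM plugin or correlation directive), the Python below applies the regular expression from slide 21 to forwarded Nagios lines and then runs a hypothetical burst rule in the spirit of slides 23 and 25: several new instances appearing in one account and region within a short window. Everything except the slide's own log line is constructed: the sibling log lines, the threshold and window values, and the year assumed for the syslog timestamps.

```python
import re
from collections import defaultdict
from datetime import datetime

# Regex from the OSSIM plugin slide; the named groups become the event fields.
FOUND_INSTANCE_RE = re.compile(
    r"^(?P<date>\w{3}\s\d{1,2}\s\d\d:\d\d:\d\d)\sdebian-secludit\snagios3:\sSERVICE\sNOTIFICATION:\s"
    r"event@\d{3};(?P<account>\d{2,3})-(?P<region>\w{2}-\w{4,9}-\d);\d{3};notify-service-by-cloutomate;"
    r"Found\snew\sInstance:\s(?P<instanceid>i-[a-z,0-9]{8})$")

def parse_event(line, year=2013):
    """Event dict for a 'Found new Instance' line, else None (syslog has no year)."""
    m = FOUND_INSTANCE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["timestamp"] = datetime.strptime(f"{year} {ev.pop('date')}", "%Y %b %d %H:%M:%S")
    return ev

def correlate(events, threshold=5, window_seconds=120):
    """Hypothetical rule (not the talk's OSSIM directive): alert once per
    (account, region) when >= threshold launches land within window_seconds."""
    by_scope = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        by_scope[(ev["account"], ev["region"])].append(ev)
    alerts = []
    for (account, region), evs in by_scope.items():
        start = 0
        for end, ev in enumerate(evs):
            while (ev["timestamp"] - evs[start]["timestamp"]).total_seconds() > window_seconds:
                start += 1  # slide the window start forward until the span fits
            if end - start + 1 >= threshold:
                alerts.append({"account": account, "region": region,
                               "instances": [e["instanceid"] for e in evs[start:end + 1]]})
                break  # one alert per scope is enough for the SIEM
    return alerts

def detect(log_text):
    return correlate([e for e in map(parse_event, log_text.splitlines()) if e])

# Constructed sample: the slide's line, four invented siblings, one unrelated Nagios alert, one lone launch.
SAMPLE_LOG = """\
Aug 19 15:51:32 debian-secludit nagios3: SERVICE NOTIFICATION: event@551;72-us-east-1;722;notify-service-by-cloutomate;Found new Instance: i-f0ad689c
Aug 19 15:51:40 debian-secludit nagios3: SERVICE NOTIFICATION: event@551;72-us-east-1;722;notify-service-by-cloutomate;Found new Instance: i-0a1b2c3d
Aug 19 15:51:47 debian-secludit nagios3: SERVICE NOTIFICATION: event@551;72-us-east-1;722;notify-service-by-cloutomate;Found new Instance: i-1b2c3d4e
Aug 19 15:51:55 debian-secludit nagios3: SERVICE NOTIFICATION: event@551;72-us-east-1;722;notify-service-by-cloutomate;Found new Instance: i-2c3d4e5f
Aug 19 15:52:03 debian-secludit nagios3: SERVICE NOTIFICATION: event@551;72-us-east-1;722;notify-service-by-cloutomate;Found new Instance: i-3d4e5f60
Aug 19 15:52:30 debian-secludit nagios3: SERVICE ALERT: web01;HTTP;OK;HARD;1;HTTP OK
Aug 19 15:53:00 debian-secludit nagios3: SERVICE NOTIFICATION: event@551;101-eu-west-1;722;notify-service-by-cloutomate;Found new Instance: i-5f607182
"""
```

`detect(SAMPLE_LOG)` returns one alert for account 72 in us-east-1 listing the five launches, while the lone eu-west-1 launch and the unrelated alert line produce nothing.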

Editor's Notes

  1. First of all, we have to remember that virtualization is part of Cloud Computing, but Cloud Computing is not just virtualization. What makes Cloud Computing interesting is the ability to provide resources on demand and adapt the configuration to current needs. One of the most important benefits is elasticity, which means that we can easily scale up/down and change the configuration very fast.
  2. A side-channel attack can also be used to make a competitor's services unavailable (DoS).