Abstract: By deploying virtual machines (VMs) on shared infrastructure in the cloud, users gain flexibility, increase scalability, and decrease their operational costs compared to on-premise infrastructure. However, a cloud environment introduces new vulnerabilities, particularly from untrusted users sharing the same physical hardware. In 2009, Ristenpart et al. demonstrated that an attacker could place a VM on the same physical hardware and extract confidential information from a target using a side-channel attack. We replicated this seminal work on cloud cartography and network-based co-residency tests on Amazon Web Services (AWS) and OpenStack cloud infrastructures. Although the AWS Elastic Compute Cloud (EC2) cloud cartography remains similar to prior work, current mitigations deter the network-based co-residency tests. OpenStack's cloud cartography differs from AWS EC2's, and we found that OpenStack was vulnerable to one network-based co-residency test. Our results indicate that co-residency threats remain a concern more than a decade after their initial description.
Authors: Sanchay Gupta and Robert Miceli (Johns Hopkins University, USA); Joel Coffman (United States Air Force Academy & Johns Hopkins University, USA)
Email: sgupta72@jh.edu, rmiceli3@jh.edu, joel.coffman@jhu.edu