Cloud Confidentiality
The confidentiality of a cloud, or of any system, can be guaranteed only if that system is able to prevent unauthorized access. Zhifeng et al. (2013) state that within cloud environments, confidentiality implies that a customer’s data and computation tasks are to be kept confidential from both the cloud provider and other customers. Confidentiality remains one of the greatest concerns with regard to cloud computing. This is largely because customers outsource their data and computation tasks to cloud servers that are controlled and managed by potentially untrustworthy cloud providers [1.x].
A. Threats to Cloud Computing Confidentiality
1) Cross-VM Attack via Side Channels: This form of
This step begins with attempting to locate the target and to obtain some evidence of co-residence (multi-tenancy) with it. Locating the target can be accomplished with simple network tools. In the case of Amazon EC2, the number of machines backing the cloud is very large, so mapping the provider's address space first may save time when confirming co-residency. Mapping the provider consists of TCP connect probes, which simply attempt a connection on a port such as 80, followed by a wget to confirm that a live instance answers there. After confirming a set of in-use cloud addresses, checking for co-residence simply involves launching VMs and testing whether they are located on the same physical machine as one of the instances identified during mapping. For this, network tools such as ping or traceroute can be used. When a VM sends traffic out, its first hop is most likely its own physical host, so the first-hop IP address obtained from a traceroute can be compared against the first hop observed for the target's address. Other methods include measuring the round-trip time of a packet to the target, or looking for numerically close internal IP addresses. The same co-residency check is also what the attacker uses to achieve placement: VMs are launched repeatedly and each is tested until one lands on the same physical machine as the target, i.e., by brute force.
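The following is an added example, not code from the page or from the paper it summarises, showing how the three network-based co-residency signals above (matching first hop, small round-trip time, numerically close internal IP addresses) can be evaluated over traceroute output and then used inside a brute-force placement loop. The traceroute text, addresses and timings are constructed for the example; the thresholds RTT_THRESHOLD_MS and IP_DISTANCE_THRESHOLD are assumed values; and the reading of "first hop" used here (the probe VM's hop 1 on any outbound route, and the hop immediately preceding the target on a route to it, both taken to identify the physical host) is an interpretation of the text, not a fact the page states.

```python
import ipaddress
import re
import socket
import statistics

# Constructed sample data: what an attacker-controlled probe VM might observe.
# All addresses, hop counts and timings are made up for this example.
PROBE_INTERNAL_IP = "10.251.12.34"

# traceroute from the probe VM to an external host: hop 1 is assumed to be the physical host.
PROBE_OUTBOUND_TRACE = """\
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  10.251.12.1 (10.251.12.1)  0.412 ms  0.380 ms  0.377 ms
 2  10.251.0.5 (10.251.0.5)  0.901 ms  0.899 ms  0.897 ms
 3  * * *
"""
# traceroute to a candidate sharing the host: same hop before the target, short round trip.
TRACE_TO_CORESIDENT = """\
traceroute to 10.251.12.41 (10.251.12.41), 30 hops max, 60 byte packets
 1  10.251.12.1 (10.251.12.1)  0.210 ms  0.198 ms  0.201 ms
 2  10.251.12.41 (10.251.12.41)  0.305 ms  0.299 ms  0.296 ms
"""
# traceroute to a candidate on another host: different preceding hop, longer RTT.
TRACE_TO_REMOTE = """\
traceroute to 10.252.200.17 (10.252.200.17), 30 hops max, 60 byte packets
 1  10.251.12.1 (10.251.12.1)  0.401 ms  0.398 ms  0.395 ms
 2  10.251.0.5 (10.251.0.5)  0.880 ms  0.871 ms  0.869 ms
 3  10.252.200.1 (10.252.200.1)  1.310 ms  1.290 ms  1.288 ms
 4  10.252.200.17 (10.252.200.17)  1.502 ms  1.499 ms  1.497 ms
"""

# Thresholds are assumptions; calibrate them per provider and region.
RTT_THRESHOLD_MS = 0.5
IP_DISTANCE_THRESHOLD = 16
_HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\((\d+\.\d+\.\d+\.\d+)\)((?:\s+[\d.]+ ms)+)")

def tcp_probe(host, port=80, timeout=2.0):
    """Mapping step: does host:port accept a TCP connection? (Live network call, not used offline.)"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def parse_traceroute(text):
    """Return [(hop_no, ip, [rtt_ms, ...]), ...] for hops that replied; '* * *' rows are skipped."""
    hops = []
    for line in text.splitlines():
        m = _HOP_RE.match(line)
        if m:
            rtts = [float(x) for x in re.findall(r"([\d.]+) ms", m.group(3))]
            hops.append((int(m.group(1)), m.group(2), rtts))
    return hops

def own_first_hop(outbound_trace):
    """The probe VM's first hop on any outbound route."""
    hops = parse_traceroute(outbound_trace)
    return hops[0][1] if hops and hops[0][0] == 1 else None

def target_first_hop(trace_to_target, target_ip):
    """The hop immediately preceding the target, taken as the target's host; None if not reached."""
    hops = parse_traceroute(trace_to_target)
    for i, (_, ip, _) in enumerate(hops):
        if ip == target_ip and i > 0:
            return hops[i - 1][1]
    return None

def target_rtt_ms(trace_to_target, target_ip):
    """Median round-trip time to the target, or None if it never replied."""
    for _, ip, rtts in parse_traceroute(trace_to_target):
        if ip == target_ip and rtts:
            return statistics.median(rtts)
    return None

def internal_ip_distance(a, b):
    """Numeric distance between two internal IPv4 addresses."""
    return abs(int(ipaddress.IPv4Address(a)) - int(ipaddress.IPv4Address(b)))

def coresidency_evidence(probe_ip, outbound_trace, target_ip, trace_to_target):
    """Combine the three network signals into a verdict, returning the raw evidence too."""
    mine = own_first_hop(outbound_trace)
    theirs = target_first_hop(trace_to_target, target_ip)
    rtt = target_rtt_ms(trace_to_target, target_ip)
    ev = {"first_hop": mine, "target_first_hop": theirs, "rtt_ms": rtt,
          "same_first_hop": mine is not None and mine == theirs,
          "small_rtt": rtt is not None and rtt <= RTT_THRESHOLD_MS,
          "close_internal_ip": internal_ip_distance(probe_ip, target_ip) <= IP_DISTANCE_THRESHOLD}
    # A matching first hop is the strong signal; RTT and address closeness only
    # corroborate, so on their own they must agree with each other to count.
    ev["likely_coresident"] = ev["same_first_hop"] or (ev["small_rtt"] and ev["close_internal_ip"])
    return ev

def brute_force_placement(launch_instance, is_coresident, max_attempts):
    """Launch instances until one passes the check: (instance, attempts) or (None, max_attempts)."""
    for attempt in range(1, max_attempts + 1):
        inst = launch_instance()
        if is_coresident(inst):
            return inst, attempt
    return None, max_attempts
```

Against real output you would feed the text of an actual traceroute run into `coresidency_evidence` and pass a function that launches an instance and probes it as `launch_instance` and `is_coresident`; the sample here includes an unreachable-target case, where every signal is absent and the verdict is negative rather than a crash. All three signals are heuristics: only the first-hop match is strong, and even it depends on the provider's network layout, so RTT and address closeness are treated here as corroboration rather than proof.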
Once placement is confirmed, the next step is extraction of information via side channels. Due to the physical resources of the system being shared as part of