Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Diagnosing performance overheads in the xen virtual machine environment
Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments
Computer Architecture, Fourth Edition: A Quantitative Approach
Computer Architecture, Fourth Edition: A Quantitative Approach
Optimizing network virtualization in Xen
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Characterization of network processing overheads in Xen
VTDC '06 Proceedings of the 2nd International Workshop on Virtualization Technology in Distributed Computing
Concurrent Direct Network Access for Virtual Machine Monitors
HPCA '07 Proceedings of the 2007 IEEE 13th International Symposium on High Performance Computer Architecture
Scheduling I/O in virtual machine monitors
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Characterization & analysis of a server consolidation benchmark
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Protection strategies for direct access to virtualized I/O devices
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Bridging the gap between software and hardware techniques for I/O virtualization
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Profiling and modeling resource usage of virtualized applications
Proceedings of the 9th ACM/IFIP/USENIX International Conference on Middleware
Achieving 10 Gb/s using safe and transparent network interface virtualization
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Enforcing performance isolation across virtual machines in Xen
Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware
Application Performance Isolation in Virtualization
CLOUD '09 Proceedings of the 2009 IEEE International Conference on Cloud Computing
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Proceedings of the 16th ACM conference on Computer and communications security
Q-clouds: managing performance interference effects for QoS-aware clouds
Proceedings of the 5th European conference on Computer systems
Performance Measurements and Analysis of Network I/O Applications in Virtualized Cloud
CLOUD '10 Proceedings of the 2010 IEEE 3rd International Conference on Cloud Computing
A new form of DOS attack in a cloud and its avoidance mechanism
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
mClock: handling throughput variability for hypervisor IO scheduling
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
CloudScale: elastic resource scaling for multi-tenant cloud systems
Proceedings of the 2nd ACM Symposium on Cloud Computing
Proceedings of the 2nd ACM Symposium on Cloud Computing
Opportunistic flooding to improve TCP transmit performance in virtualized clouds
Proceedings of the 2nd ACM Symposium on Cloud Computing
SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms
Proceedings of the 18th ACM conference on Computer and communications security
Eliminating the hypervisor attack surface for a more secure cloud
Proceedings of the 18th ACM conference on Computer and communications security
EyeQ: practical network performance isolation for the multi-tenant cloud
HotCloud'12 Proceedings of the 4th USENIX conference on Hot Topics in Cloud Ccomputing
Hi-index | 0.00 |
In a consolidated virtualized environment, multiple virtual machines (VMs) are hosted atop a shared physical substrate. They share the underlying hardware resources as well as the software virtualization components. Thus, one VM can generate performance interference to another co-resident VM. This work explores the adverse impact of performance interference from a security perspective. We present a new class of attacks, namely the cascade attacks, in which an adversary seeks to generate performance interference using a malicious VM. One distinct property of the cascade attacks is that when the malicious VM exhausts one type of hardware resources, it will bring "cascading" interference to another type of hardware resources. We present four different implementations of cascade attacks and evaluate their effectiveness atop the Xen virtualization platform. We show that a victim VM can see significant performance degradation (e.g., throughput drops in network and disk I/Os) due to the cascade attacks.