Flux Research Group / School of Computing

I Heard It through the Firewall: Exploiting Cloud Management Services as an Information Leakage Channel

No PDF available

Hyun-wook Baek, Eric Eide, Robert Ricci, and Jacobus (Kobus) Van der Merwe

Proceedings of the 8th ACM Symposium on Cloud Computing (SoCC) 2018.

Networking, Security, Cloud


Though there has been much study of information leakage channels exploiting shared hardware resources (memory, cache, and disk) in cloud environments, there has been less study of the exploitability of shared software resources. In this paper, we analyze the exploitability of the cloud networking services (which are shared among cloud tenants) and introduce a practical method for building information leakage channels by monitoring workloads on the cloud networking services through the virtual firewall. We also demonstrate the practicality of this attack by implementing two different covert channels in OpenStack as well as a new class of side channels that can eavesdrop on infrastructure-level events. By utilizing a Long Short-Term Memory (LSTM) neural network model, our side channel attack could detect infrastructure-level VM creation/termination events with 93.3% accuracy.