
As more and more businesses adopt Software-as-a-Service (SaaS) as part of their digital strategy, they face a choice between multi- or single-tenant cloud platforms.
Single-tenancy pairs a single business with a single software resource. The platform comes with greater security and more control over design and management of the platform.
However, multi-tenancy is a different story.
Multi-tenancy's greater exposure to security vulnerabilities is why researchers Christina Delimitrou of Cornell University and Christos Kozyrakis of Stanford University created a cloud attack system called "Bolt" to test those vulnerabilities, in the hope of giving developers ways to improve the design of future cloud systems. The details are revealed in their article "Uncovering the Security Implications of Cloud Multi-Tenancy with Bolt."
Although substantially cheaper because they offer multiple businesses access to one software resource, multi-tenant platforms are vulnerable to resource "interference," which can leak information about who is using an application and what they are using it for. In addition, they have multiple access points from which adversaries can extract data such as passwords and private keys.
Hackers have developed sneaky ways to break into multi-tenant platforms to steal confidential data without being detected by the cloud service provider.
"Once attackers obtain this information, they can launch severe, inexpensive, and hard-to-detect performance attacks against applications with which they are sharing resources," say Delimitrou and Kozyrakis.
That's where Bolt comes in.
"We present Bolt, a practical system that accurately detects the type and characteristics of applications sharing a cloud platform based on the interference an adversary sees on shared resources," the authors say.
Delimitrou and Kozyrakis tested and validated Bolt in a controlled environment on their home turf at Stanford and Cornell University. They then conducted a multi-user study using a shared Amazon Elastic Compute Cloud cluster with 200 servers.
Bolt correctly identified the characteristics of 385 out of 436 diverse workloads.


"Extracting this information enables a wide spectrum of previously impractical cloud attacks, including denial of service (DoS) attacks that increase tail latency by 140X, as well as resource freeing attacks (RFAs), and co-residency attacks," say the authors.
Every application uses resources in a certain way, leaving a signature. In a cloud environment, apps that share a machine also share resources.
Bolt uses an engineered program that observes the signatures of legitimate apps on cloud servers. It uses machine learning so that signatures gathered from only a few resources are enough to accurately identify the application. Overall, just by running right next to your app, Bolt can figure out its details and then launch an attack on it.


The specific denial-of-service attacks Bolt uses also rely on resource usage. If Bolt identifies your app, it knows which resources you are more dependent upon.
Then, Bolt launches an attack on the same machine that puts heavy pressure on just that resource. Since the attacker's overall activity is low (no pressure is applied to any other resource), the cloud provider is unlikely to detect the attack.
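The detection gap described above, as an added illustration that is not from the article or from the Bolt paper: a provider watching only a tenant's aggregate load would rank the single-resource attacker as the quieter tenant, while a per-resource view flags it. Tenant names, resource names and utilization samples are constructed.

```python
# Added example (not from the article or the Bolt paper): why an aggregate
# "how busy is this tenant" number misses pressure concentrated on one shared
# resource, and how a per-resource view exposes it. All data is constructed.
from statistics import mean

# Constructed per-tenant utilization samples (fraction of machine capacity)
# for four shared resources, taken over two sampling intervals.
RESOURCES = ("cpu", "llc", "mem_bw", "net")
SAMPLES = {
    "tenant-a": [  # balanced web tier: moderate use of everything
        {"cpu": 0.30, "llc": 0.25, "mem_bw": 0.20, "net": 0.35},
        {"cpu": 0.35, "llc": 0.30, "mem_bw": 0.25, "net": 0.30},
    ],
    "tenant-b": [  # low total load, almost all of it on the shared cache
        {"cpu": 0.05, "llc": 0.85, "mem_bw": 0.05, "net": 0.01},
        {"cpu": 0.04, "llc": 0.90, "mem_bw": 0.06, "net": 0.01},
    ],
}

def aggregate_load(samples):
    """Mean utilization over all resources and intervals: the coarse view
    a provider gets from a single per-tenant load figure."""
    return mean(mean(s[r] for r in RESOURCES) for s in samples)

def per_resource_skew(samples):
    """Return (hottest resource, its mean utilization, the share of the
    tenant's total utilization that lands on that one resource)."""
    means = {r: mean(s[r] for s in samples) for r in RESOURCES}
    hottest = max(means, key=means.get)
    total = sum(means.values())
    return hottest, means[hottest], (means[hottest] / total) if total else 0.0

def flag_concentrated_pressure(samples, hot_util=0.8, hot_share=0.7):
    """Flag a tenant whose hottest resource is near saturation and carries
    most of its usage, however low its aggregate load looks."""
    _, util, share = per_resource_skew(samples)
    return util >= hot_util and share >= hot_share

def review(tenants):
    """Return {tenant: (aggregate load, flagged)} for one shared machine."""
    return {name: (aggregate_load(s), flag_concentrated_pressure(s))
            for name, s in tenants.items()}

if __name__ == "__main__":
    for name, (agg, flagged) in review(SAMPLES).items():
        print(f"{name}: aggregate={agg:.2f} flagged={flagged}")
```

In the constructed data, tenant-b's aggregate load (about 0.25) is lower than tenant-a's (about 0.29), yet only tenant-b is flagged, because nearly 90% of its usage sits on the shared cache.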


"While advanced isolation mechanisms such as cache partitioning lower detection accuracy, they are insufficient to eliminate these vulnerabilities altogether. To do so, one must either disallow core sharing or allow it only between threads of the same application, leading to significant inefficiencies and performance penalties," the authors say.
If Bolt knows enough detail about a program, it can launch a number of very specific security attacks against it.
For example, Bolt can try to exploit some bug in the Java or Scala frameworks that Spark—one of the most popular frameworks for big data analysis—relies upon.
However, Bolt does this stealthily: it quietly pressures only one system resource at a time, unlike conventional blitzkrieg denial-of-service attacks that flood a system so hard that it crashes.
It then ensures that the app slows down to unacceptable levels even though clients are paying for cloud resources that should be sufficient for good performance.
Delimitrou and Kozyrakis offer three takeaways from the Bolt study for cloud platform developers:
"As cloud systems scale in size, number, and complexity, the goals of performance, efficiency, and security often clash with one another. Leveraging practical data mining techniques to quickly and accurately uncover and resolve vulnerabilities or inefficiencies in large-scale systems is a promising approach to reconcile these often-conflicting objectives," the authors add.

About Lori Cameron
Lori Cameron is a Senior Writer for the IEEE Computer Society and currently writes regular features for Computer magazine, Computing Edge, and the Computing Now and Magazine Roundup websites. Contact her at l.cameron@computer.org. Follow her on LinkedIn.