Swiper: Exploiting Virtual Machine Vulnerability In Third-Party Clouds with Competition for I/O Resources

Swiper: Exploiting Virtual Machine Vulnerability
In Third-Party Clouds with Competition for I/O Resources

Abstract— Swiper: Exploiting Virtual Machine Vulnerability In Third-Party Clouds with Competition for I/O Resources. The emerging paradigm of cloud computing, e.g., Amazon Elastic Compute Cloud (EC2), promises a highly flexible yet robust environment for large-scale applications. Ideally, while multiple virtual machines (VM) share the same physical resources < Final Year Projects 2016 > e.g., CPUs, caches, DRAM, and I/O devices, each application should be allocated to an independently managed VM and isolated from one another. Unfortunately, the absence of physical isolation inevitably opens doors to a number of security threats. In this paper, we demonstrate in EC2 a new type of security vulnerability caused by competition between virtual I/O workloads – i.e., by leveraging the competition for shared resources, an adversary could intentionally slow down the execution of a targeted application in a VM that shares the same hardware. In particular, we focus on I/O resources such as hard-drive throughput and/or network bandwidth – which are critical for data-intensive applications.