Skip to main content

Cross-tenant side-channel attacks in PaaS clouds

Publication ,  Conference
Zhang, Y; Juels, A; Reiter, MK; Ristenpart, T
Published in: Proceedings of the ACM Conference on Computer and Communications Security
November 3, 2014

We present a new attack framework for conducting cache- based side-channel attacks and demonstrate this framework in attacks between tenants on commercial Platform-as-a-Service (PaaS) clouds. Our framework uses the Flush- Reload attack of Gullasch et al. as a primitive, and ex- tends this work by leveraging it within an automaton-driven strategy for tracing a victim's execution. We leverage our framework first to confirm co-location of tenants and then to extract secrets across tenant boundaries. We specifically demonstrate attacks to collect potentially sensitive application data (e.g., the number of items in a shopping cart), to hijack user accounts, and to break SAML single sign-on. To the best of our knowledge, our attacks are the first granular, cross-tenant, side-channel attacks successfully demonstrated on state-of-the-art commercial clouds, PaaS or otherwise. Copyright is held by the author/owner(s).

Duke Scholars

Published In

Proceedings of the ACM Conference on Computer and Communications Security

DOI

ISSN

1543-7221

Publication Date

November 3, 2014

Start / End Page

990 / 1003
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Zhang, Y., Juels, A., Reiter, M. K., & Ristenpart, T. (2014). Cross-tenant side-channel attacks in PaaS clouds. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 990–1003). https://doi.org/10.1145/2660267.2660356
Zhang, Y., A. Juels, M. K. Reiter, and T. Ristenpart. “Cross-tenant side-channel attacks in PaaS clouds.” In Proceedings of the ACM Conference on Computer and Communications Security, 990–1003, 2014. https://doi.org/10.1145/2660267.2660356.
Zhang Y, Juels A, Reiter MK, Ristenpart T. Cross-tenant side-channel attacks in PaaS clouds. In: Proceedings of the ACM Conference on Computer and Communications Security. 2014. p. 990–1003.
Zhang, Y., et al. “Cross-tenant side-channel attacks in PaaS clouds.” Proceedings of the ACM Conference on Computer and Communications Security, 2014, pp. 990–1003. Scopus, doi:10.1145/2660267.2660356.
Zhang Y, Juels A, Reiter MK, Ristenpart T. Cross-tenant side-channel attacks in PaaS clouds. Proceedings of the ACM Conference on Computer and Communications Security. 2014. p. 990–1003.

Published In

Proceedings of the ACM Conference on Computer and Communications Security

DOI

ISSN

1543-7221

Publication Date

November 3, 2014

Start / End Page

990 / 1003