All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Bolt: Detect and attack co-resident VMs on the cloud
Recent paper from Cornell & Stanford describes how a VM could detect individual applications on another co-resident VM and potentially attack it. The technique used is to increase the intensity of a micro-benchmark
until shared-resource contention is detected, and then compare against a database of "signatures" of known applications. Total running time about 2 to 5 seconds. The examples used in the paper detect changes in the scheduler (least-loaded) and L1 cache.
Section 5 in the paper describes a list of attacks:
- Internal DoS attack: Target the weakest link, eg., L1 instruction cache for Memcached, while keeping its own resource utilization low, making the attacker hard to detect.
- Resource Freeing attack: More complex version of DoS where attacking a critical resource causes it to free up other resources.
- VM co-residency detection: Search the cloud for a specific (competitor) VM by spawning a bunch of attackers/adversaries.
Section 6 describes some security counter-measures that cloud providers can use to reduce such attacks.
Link to original paper and slides https://www.semanticscholar.org/paper/Bolt-I-Know-What-You-Did-Last-Summer-In-The-Cloud-Delimitrou-Kozyrakis/2e320c986c2e5cbac990093f083a6e91eb812079
A writeup on the paper: https://blog.acolyer.org/2017/05/24/bolt-i-know-what-you-did-last-summer-in-the-cloud/
Comments
Oh dear... I hate Information Technology. I want by bongo back.
Your tax dollars at work.
Both of these are privately funded.
Ha!
Tons of tax money flowing into all Tier 1 Research institutions (I know Stanford is one...not sure about Cornell but presumably). Google shows that about 20% of Stanford's entire budget is "sponsored research".
A sliver of that is private industry...most is tax money.
Most of the "sponsored research" money is gov/DOD grants. So yeah, tax money :P
Now I'm sad because I went to Berkeley and Stanford for a bit and never saw any tax money at all. I could have purchased clowns, drugs, and tentacles with a grant.
Yeah, if I'd gone to Berkeley I'd be pretty sad too...but there's counseling out there.
Currently not going to Berkeley, but any State college in California is a mess right now, honestly wishing I was in another state, but I'm already several years invested in my education.
Gender studies + Climate change -> Apply for a grant -> Boom! Enjoy your clowns, drugs and tentacles. Easy-peasy.
Especially since I'm paying for my own education, I'd rather see it as an investment, and not a waste of money studying a worthless major.
California's cheap uni program is legendary...but California sucks. Lived there for three years and hated it. I visit the Bay Area periodically and hate it. Everything's expensive, everything's wacky, overcrowded, high crime, bad traffic, extreme taxation, did I mention extreme taxation, also taxes are high...I could go on...
When I went to U-Michigan, the Womens' Studies Building was on my walk back from work. Nearly every day I stopped there and took a dump...not because I have anything against Women's Studies, but rather because the men's room there was always spic-and-span clean and had not been used since the janitors cleaned it overnight. It was like my own private public toilet, because I never in my entire time there met a male Womens' Studies student. Or professor for that matter.
Honestly, I'm looking to get out as soon as I get my degree. Unfortunately, I'm sure you're also quite aware of the lack of class availability in California's state uni program. The moment I've graduated and find a decent paying job offer outside of this state, I'm packing and living in a more comfortable, less-taxing, and less socially inept state.
@raindog308 Wecome to Toronto. Where taxes are high, and the return on health care is little.
I wasn't...that's interesting. How can they justify any shortage, given that the price of education has outpaced inflation by like 1,000% over the last 20 years.
Higher ed is just a student loan bubble...it's so obvious: you make money cheap, it flows into the system, and suddenly every university triples their staff.
But, uh, anyway...back to bolt...freakin' mods derailing threads...