Dynamic Frequency-Based Fingerprinting Attacks against Modern Sandbox Environments
- URL: http://arxiv.org/abs/2404.10715v3
- Date: Thu, 23 May 2024 18:17:43 GMT
- Title: Dynamic Frequency-Based Fingerprinting Attacks against Modern Sandbox Environments
- Authors: Debopriya Roy Dipta, Thore Tiemann, Berk Gulmezoglu, Eduard Marin, Thomas Eisenbarth,
- Abstract summary: We investigate the possibility of fingerprinting containers through CPU frequency reporting sensors in Intel and AMD CPUs.
We demonstrate that Docker images exhibit a unique frequency signature, enabling the distinction of different containers with up to 84.5% accuracy.
Our empirical results show that these attacks can also be carried out successfully against all of these sandboxes in less than 40 seconds.
- Score: 7.753621963239778
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The cloud computing landscape has evolved significantly in recent years, embracing various sandboxes to meet the diverse demands of modern cloud applications. These sandboxes encompass container-based technologies like Docker and gVisor, microVM-based solutions like Firecracker, and security-centric sandboxes relying on Trusted Execution Environments (TEEs) such as Intel SGX and AMD SEV. However, the practice of placing multiple tenants on shared physical hardware raises security and privacy concerns, most notably side-channel attacks. In this paper, we investigate the possibility of fingerprinting containers through CPU frequency reporting sensors in Intel and AMD CPUs. One key enabler of our attack is that the current CPU frequency information can be accessed by user-space attackers. We demonstrate that Docker images exhibit a unique frequency signature, enabling the distinction of different containers with up to 84.5% accuracy even when multiple containers are running simultaneously in different cores. Additionally, we assess the effectiveness of our attack when performed against several sandboxes deployed in cloud environments, including Google's gVisor, AWS' Firecracker, and TEE-based platforms like Gramine (utilizing Intel SGX) and AMD SEV. Our empirical results show that these attacks can also be carried out successfully against all of these sandboxes in less than 40 seconds, with an accuracy of over 70% in all cases. Finally, we propose a noise injection-based countermeasure to mitigate the proposed attack on cloud environments.
Related papers
- Security Testbed for Preempting Attacks against Supercomputing Infrastructure [1.9097277955963794]
This paper describes a security testbed embedded in live traffic of a supercomputer at the National Center for Supercomputing Applications.
The objective is to demonstrate attack textitpreemption, i.e., stopping system compromise and data breaches at petascale supercomputers.
arXiv Detail & Related papers (2024-09-15T03:42:47Z) - Last-Level Cache Side-Channel Attacks Are Feasible in the Modern Public Cloud (Extended Version) [16.594665501866675]
We present an end-to-end, cross-tenant attack on a vulnerable ECDSA implementation in the public F-based algorithm for Google Cloud Run environment.
We introduce several new techniques to improve every step of the attack.
Overall, we extract a median value of 81% of the secret ECDSA nonce bits from a victim container in 19 seconds on average.
arXiv Detail & Related papers (2024-05-21T03:05:29Z) - WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNP [2.8436446946726557]
AMD SEV-SNP offers VM-level trusted execution environments (TEEs) to protect sensitive cloud workloads.
WeSee attack injects malicious #VC into a victim VM's CPU to compromise the security guarantees of AMD SEV-SNP.
Case-studies demonstrate that WeSee can leak sensitive VM information (kTLS keys for NGINX), corrupt kernel data (firewall rules), and inject arbitrary code.
arXiv Detail & Related papers (2024-04-04T15:30:13Z) - Heckler: Breaking Confidential VMs with Malicious Interrupts [2.650561978417805]
Heckler is a new attack wherein the hypervisor injects malicious non-timer interrupts to break the confidentiality and integrity of CVMs.
With AMD SEV-SNP and Intel TDX, we demonstrate Heckler on OpenSSH and to bypass authentication.
arXiv Detail & Related papers (2024-04-04T11:37:59Z) - Microarchitectural Security of AWS Firecracker VMM for Serverless Cloud Platforms [9.345368209757495]
Firecracker is a virtual machine manager built by Amazon Web Services (AWS) for serverless cloud platforms.
We show that AWS overstates the security inherent to the Firecracker VMM and provides incomplete guidance for properly securing cloud systems that use Firecracker.
arXiv Detail & Related papers (2023-11-27T16:46:03Z) - Putting a Padlock on Lambda -- Integrating vTPMs into AWS Firecracker [49.1574468325115]
Software services place implicit trust in the cloud provider, without an explicit trust relationship.
There is currently no cloud provider that exposes Trusted Platform Module capabilities.
We improve trust by integrating a virtual TPM device into the Firecracker, originally developed by Amazon Web Services.
arXiv Detail & Related papers (2023-10-05T13:13:55Z) - Overload: Latency Attacks on Object Detection for Edge Devices [47.9744734181236]
This paper investigates latency attacks on deep learning applications.
Unlike common adversarial attacks for misclassification, the goal of latency attacks is to increase the inference time.
We use object detection to demonstrate how such kind of attacks work.
arXiv Detail & Related papers (2023-04-11T17:24:31Z) - VSA: Learning Varied-Size Window Attention in Vision Transformers [76.35955924137986]
We propose textbfVaried-textbfSize Window textbfAttention (VSA) to learn adaptive window configurations from data.
Based on the tokens within each default window, VSA employs a window regression module to predict the size and location of the target window.
arXiv Detail & Related papers (2022-04-18T17:56:07Z) - Check Your Other Door! Establishing Backdoor Attacks in the Frequency
Domain [80.24811082454367]
We show the advantages of utilizing the frequency domain for establishing undetectable and powerful backdoor attacks.
We also show two possible defences that succeed against frequency-based backdoor attacks and possible ways for the attacker to bypass them.
arXiv Detail & Related papers (2021-09-12T12:44:52Z) - Adversarial EXEmples: A Survey and Experimental Evaluation of Practical
Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes.
We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks.
These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
arXiv Detail & Related papers (2020-08-17T07:16:57Z) - FCOS: A simple and strong anchor-free object detector [111.87691210818194]
We propose a fully convolutional one-stage object detector (FCOS) to solve object detection in a per-pixel prediction fashion.
Almost all state-of-the-art object detectors such as RetinaNet, SSD, YOLOv3, and Faster R-CNN rely on pre-defined anchor boxes.
In contrast, our proposed detector FCOS is anchor box free, as well as proposal free.
arXiv Detail & Related papers (2020-06-14T01:03:39Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.