
Research Spending & Results

Award Detail

Awardee: WORCESTER POLYTECHNIC INSTITUTE
Doing Business As Name: Worcester Polytechnic Institute
PD/PI:
  • Berk Sunar
  • (508) 831-5494
  • sunar@wpi.edu
Co-PD(s)/co-PI(s):
  • Thomas Eisenbarth
Award Date: 08/15/2013
Estimated Total Award Amount: $499,963
Funds Obligated to Date: $499,963
  • FY 2013 = $499,963
Start Date: 09/01/2013
End Date: 02/28/2017
Transaction Type: Grant
Agency: NSF
Awarding Agency Code: 4900
Funding Agency Code: 4900
CFDA Number: 47.070
Primary Program Source: 040100 NSF RESEARCH & RELATED ACTIVIT
Award Title or Description: TWC TTP: Small: RAIN: Analyzing Information Leakage in the Cloud
Federal Award ID Number: 1318919
DUNS ID: 041508581
Parent DUNS ID: 041508581
Program: Secure & Trustworthy Cyberspace
Program Officer:
  • Nina Amla
  • (703) 292-7991
  • namla@nsf.gov

Awardee Location

Street: 100 INSTITUTE RD
City: WORCESTER
State: MA
ZIP: 01609-2247
County: Worcester
Country: US
Awardee Cong. District: 02

Primary Place of Performance

Organization Name: Worcester Polytechnic Institute
Street: 100 Institute Road
City: Worcester
State: MA
ZIP: 01609-2280
County: Worcester
Country: US
Cong. District: 02

Abstract at Time of Award

Cloud computing is growing at exponential rates due to its great benefits to virtually all companies relying on IT systems. The biggest concern preventing further cloud adoption is data security and privacy. The main security principle in the design of cloud servers has been virtual isolation, which ignores information leakage through subtle channels shared by the processes running on the same physical hardware. The goal of this project is to explore side-channel leakage on the virtualized machines that form the cloud. Using a cloud testbed, this project explores interactions of the underlying hardware, virtualization platforms, and cryptographic software. A better understanding of side-channel leakages is aiding the design of effective countermeasures. To facilitate effective transition to practice, the project is taking a pragmatic approach by focusing on commonly used cryptographic software libraries, which lie at the heart of virtually any security solution. To address identified weaknesses in existing crypto libraries, countermeasures in the form of patches will be released, ensuring the security of cloud servers. The project resolves weaknesses in cryptographic software by issuing updates with immediate benefits to virtually all cloud customers. The impact is further amplified by the continuing rapid growth of cloud adoption. By understanding the vulnerabilities in virtualized systems, the project raises awareness in the software security community. By integrating results into existing curricula, the project aids the training of future cybersecurity experts at the undergraduate and graduate levels.

Publications Produced as a Result of this Research


G. Irazoqui, T. Eisenbarth, B. Sunar, "Cross Processor Cache Attacks," Proceedings of the 11th ACM Asia Conference on Computer and Communications Security (ASIA CCS), 2016.

M. S. Inci, B. Gulmezoglu, T. Eisenbarth, B. Sunar, "Co-location Detection on the Cloud," 7th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2016), 2016.

M. S. Inci, B. Gülmezoglu, G. Irazoqui, T. Eisenbarth, B. Sunar, "Cache Attacks Enable Bulk Key Recovery on the Cloud," Cryptographic Hardware and Embedded Systems (CHES 2016), 18th International Conference, Springer LNCS, v.9813, 2016, p.368. doi:10.1007/978-3-662-53140-2_18

G. Irazoqui, M. S. Inci, T. Eisenbarth, B. Sunar, "Efficient, Adversarial Neighbor Discovery using Logical Channels on Microsoft Azure," Annual Computer Security Applications Conference (ACSAC 2016), 2016, p.436. doi:10.1145/2991079.2991113

B. Gulmezoglu, M. S. Inci, G. Irazoqui, T. Eisenbarth, B. Sunar, "Cross-VM Cache Attacks on AES," IEEE Transactions on Multi-Scale Computing Systems, v.2, 2016, p.211. doi:10.1109/TMSCS.2016.2550438

G. Irazoqui, M. S. Inci, T. Eisenbarth, B. Sunar, "Know Thy Neighbor: Crypto Library Detection in Cloud," Proceedings on Privacy Enhancing Technologies, v.1, 2015, p.25. doi:10.1515/popets-2015-0003


Project Outcomes Report

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

In this project, we analyzed the security risks and vulnerabilities associated with virtualized and public cloud systems.

Firstly, we started with simple scenarios to show that our techniques work in lab environments. After achieving a high success rate in the testbed, the project explored cloud servers commonly used by the public, investigating potential vulnerabilities ranging from shared hardware resources like CPUs, caches, or memory to shared network routers. It was shown that there are many ways to find leakages in public systems, and they could be used by attackers to exploit the privacy of public users. In addition, the results proved that while public cloud systems present many opportunities and advantages, they should be used with caution. Security-sensitive information should be stored and processed in single-tenant cloud instances, where only one customer resides on a single physical server. While being the more costly option, using single-tenant instances reduces the attack surface for side-channel attacks and provides a more secure overall system.

Secondly, it is evident that cryptographic libraries need a thorough inspection and rewrite to be side-channel protected. As shown in the publications, while some of these libraries have been updated to resist side-channel attacks, there are still a great many potential vulnerabilities that can be exploited in the near future. More importantly, application developers should be prompted to update the cryptographic libraries in their products for these patches to take effect.

Finally, through a large number of publications, the work has shown the risks and vulnerabilities in cloud systems. The findings were shared, along with proposed solutions, with both vendors and the academic community.

Last Modified: 04/28/2017
Modified by: Berk Sunar