Modern day commercial clouds are subject to various forms of infrastructural abuse. Whether it is SaaS, PaaS or IaaS model, attackers and cybercriminals are exploiting clouds to service their needs and using them as a platform to launch attacks and conduct illegal practices. Resultantly, instances where clouds are the source of a malicious or damaging activity have recently spiked. Unlike externally-sourced attacks on clouds, abuse arising from 'within' presents new challenges. This thesis highlights the emerging problem of cloud abuse and attempts to address these challenges. In particular, we argue for a new approach to cloud security that mitigates abuse proactively before the damage is done. Current defense mechanisms are ill-suited as they are primarily designed to mitigate incoming attacks, where the cloud is the target of the attack. Outbound traffic and resource usage is seldom scrutinized for malicious and illegal activities. Furthermore, in-VM security software, such as anti-viruses and intrusion detection systems fail to provide adequate protection as they can be bypassed (using polymorphism, stealth etc.),hidden from (as in virtualization-aware rootkits) or altogether turned off (by getting root access). To make matters worse, hackers have invented automated mechanisms that exploit the freemium business model, allowing them to engineer large pools of resources by combining together the free tier supply. Potentially infinite storage banks and cryptocurrency mining farms with huge distributed footprints have been exposed on top of complimentary services offered by various Cloud Service Providers (CSPs). This has incentivized hackers further, as they can launch lucrative attacks, such as DDoS attacks and spamming, free of cost.Providers struggle to detect this abuse as they lack the necessary tools and infrastructure for proactive detection and mitigation. Currently, all parties (users and providers) are made aware of the abuse when the damage has already been done and different losses have been incurred either by the user or, as in most cases, the provider. These issues highlight the need for new security mechanisms specifically designed to target attacks originating from within the cloud.Hence, in this thesis, we present the design and implementation of an infrastructure that can prove to be useful in proactively thwarting a diverse range of cloud abuse. From break-ins and cryptocurrency mining to DDoS attacks and covert/side channels, the presented infrastructure has the potential to mitigate malicious activity across the spectrum with high accuracy and low overheads without compromising scalability or modularity. We argue that clouds need systems that can react to various forms of abuse by deploying VM-oblivious defenses and minimize co-residency between tenants by making deployments more mobile. Specifically, we present the design of monitors leveraging the lower layers of the cloud-stack, such as the hardware and hypervisor. Furthermore, we also provide meaningful strategies to dynamically reposition entire deployments to minimize the sharing of infrastructure between co-resident tenants. The systems discussed herein add to the security toolbox available to providers and assist them in detecting and mitigating resource abuse in its early stages.
PDF
download
878987797
028-85220240
