ISU CPRE 681 - Exploring Information Leakage in Third-Party Compute Clouds


Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds

Thomas Ristenpart*, Eran Tromer†, Hovav Shacham*, Stefan Savage*
* Dept. of Computer Science and Engineering, University of California, San Diego, USA
† Computer Science and Artificial Intelligence Laboratory, Massachusetts Institute of Technology, Cambridge, USA
{tristenp,hovav,savage}@cs.ucsd.edu, [email protected]

CCS'09, November 9–13, 2009, Chicago, Illinois, USA. Copyright 2009 ACM 978-1-60558-352-5/09/11 ...$10.00.

ABSTRACT

Third-party cloud computing represents the promise of outsourcing as applied to computation. Services such as Microsoft's Azure and Amazon's EC2 allow users to instantiate virtual machines (VMs) on demand and thus purchase precisely the capacity they require when they require it. In turn, the use of virtualization allows third-party cloud providers to maximize the utilization of their sunk capital costs by multiplexing many customer VMs across a shared physical infrastructure. However, in this paper, we show that this approach can also introduce new vulnerabilities. Using the Amazon EC2 service as a case study, we show that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target. We explore how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine.

Categories and Subject Descriptors: K.6.5 [Security and Protection]: Unauthorized Access

General Terms: Security, Measurement, Experimentation

Keywords: Cloud computing, Virtual machine security, Side channels

1. INTRODUCTION

It has become increasingly popular to talk of "cloud computing" as the next infrastructure for hosting data and deploying software and services. In addition to the plethora of technical approaches associated with the term, cloud computing is also used to refer to a new business model in which core computing and software capabilities are outsourced on demand to shared third-party infrastructure. While this model, exemplified by Amazon's Elastic Compute Cloud (EC2) [5], Microsoft's Azure Service Platform [20], and Rackspace's Mosso [27], provides a number of advantages — including economies of scale, dynamic provisioning, and low capital expenditures — it also introduces a range of new risks.

Some of these risks are self-evident and relate to the new trust relationship between customer and cloud provider. For example, customers must trust their cloud providers to respect the privacy of their data and the integrity of their computations. However, cloud infrastructures can also introduce non-obvious threats from other customers due to the subtleties of how physical resources can be transparently shared between virtual machines (VMs).

In particular, to maximize efficiency, multiple VMs may be simultaneously assigned to execute on the same physical server. Moreover, many cloud providers allow "multi-tenancy" — multiplexing the virtual machines of disjoint customers upon the same physical hardware. Thus it is conceivable that a customer's VM could be assigned to the same physical server as their adversary. This, in turn, engenders a new threat — that the adversary might penetrate the isolation between VMs (e.g., via a vulnerability that allows an "escape" to the hypervisor, or via side-channels between VMs) and violate customer confidentiality. This paper explores the practicality of mounting such cross-VM attacks in existing third-party compute clouds.

The attacks we consider require two main steps: placement and extraction. Placement refers to the adversary arranging to place their malicious VM on the same physical machine as that of a target customer. Using Amazon's EC2 as a case study, we demonstrate that careful empirical "mapping" can reveal how to launch VMs in a way that maximizes the likelihood of an advantageous placement. We find that in some natural attack scenarios, just a few dollars invested in launching VMs can produce a 40% chance of placing a malicious VM on the same physical server as a target customer. Using the same platform, we also demonstrate the existence of simple, low-overhead "co-residence" checks to determine when such an advantageous placement has taken place. While we focus on EC2, we believe that variants of our techniques are likely to generalize to other services, such as Microsoft's Azure [20] or Rackspace's Mosso [27], as we only utilize standard customer capabilities and do not require that cloud providers disclose details of their infrastructure or assignment policies.

Having managed to place a VM co-resident with the target, the next step is to extract confidential information via a cross-VM attack. While there are a number of avenues for such an attack, in this paper we focus on side-channels: cross-VM information leakage due to the sharing of physical resources (e.g., the CPU's data caches). In the multi-process environment, such attacks have been shown to enable extraction of RSA [26] and AES [22] secret keys. However, we are unaware of published extensions of these attacks to the virtual machine environment; indeed, there are significant practical challenges in doing so.

We show preliminary results on cross-VM side-channel attacks, including a range of building blocks (e.g., cache load measurements in EC2) and coarse-grained attacks such as measuring activity burst timing (e.g., for cross-VM keystroke monitoring). These point to the practicality of side-channel attacks in cloud-computing environments.

Overall, our results indicate that there exist tangible dangers when deploying sensitive tasks to third-party compute clouds. In the remainder of this paper, we explain these findings in more detail and then discuss means to mitigate the problem. We argue that the best solution is for cloud providers to expose this risk explicitly and give some placement control directly to customers.

2. THREAT MODEL

As more and more applications become exported to

