Robust Coordination of Cloud-Internal Denial of Service Attacks

Suaad Alarifi, Stephen D. Wolthusen

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

In an Infrastructure as a Service (IaaS) cloud environment, workloads change dynamically with limited insight by service providers into the precise characteristics of client workloads. At the same time, service providers must seek to honour service level agreements (SLAs) regarding performance and availability. In this paper we describe and analyse a class of attacks that may target other workloads or the ability of a service provider to satisfy SLA requirements by launching a tightly coordinated attack or attack sequence. The attack seeks to utilise resource over-commitment and the cost of migration and related secondary effects such as power management, rather than relying on implementation-specific weaknesses that could be mitigated more easily. The effectiveness of the attack depends on the ability to co-locate and precisely modulate workloads of virtual machines (VMs) on a single host. We describe a novel coordination protocol relying on broadcast primitives in memory-based covert channels for dynamic attack group membership and attack initiation based on a broadcast variant of the Jarecki-Kim-Tsudik (JKT) protocol. This protocol requires very limited channel capacity and has O(n + T) message complexity whilst tolerating up to T failures, increasing the difficulty of detection and mitigation.
Original language: English
Title of host publication: Proceedings of the 2013 Third International Conference on Cloud and Green Computing (CGC)
Publisher: IEEE Computer Society Press
Pages: 135-142
Publication status: Published - 2013
