
Bolt: I Know What You Did Last Summer in the Cloud [pdf] - lainon
http://csl.stanford.edu/~christos/publications/2017.bolt.asplos.pdf
======
jwilk
Abstract:

 _Cloud providers routinely schedule multiple applications per physical host
to increase efficiency. The resulting interference on shared resources often
leads to performance degradation and, more importantly, security
vulnerabilities. Interference can leak important information ranging from a
service’s placement to confidential data, like private keys.

We present Bolt, a practical system that accurately detects the type and
characteristics of applications sharing a cloud platform based on the
interference an adversary sees on shared resources. Bolt leverages online data
mining techniques that only require 2-5 seconds for detection. In a multi-user
study on EC2, Bolt correctly identifies the characteristics of 385 out of 436
diverse workloads. Extracting this information enables a wide spectrum of
previously-impractical cloud attacks, including denial of service attacks
(DoS) that increase tail latency by 140x, as well as resource freeing (RFA)
and co-residency attacks. Finally, we show that while advanced isolation
mechanisms, such as cache partitioning, lower detection accuracy, they are
insufficient to eliminate these vulnerabilities altogether. To do so, one must
either disallow core sharing, or only allow it between threads of the same
application, leading to significant inefficiencies and performance penalties._

------
Artemis2
Great analysis by The Morning Paper:
https://blog.acolyer.org/2017/05/24/bolt-i-know-what-you-did-last-summer-in-the-cloud/

------
inlined
This is an interesting article but I wish it had info for cloud providers
beyond AWS. Why was the experiment not tested on multiple providers?

