Bolt: Uncovering and Reducing the Security Vulnerabilities of Shared Clouds

Cloud providers routinely schedule multiple applications per physical host to increase cost efficiency. The resulting interference in shared resources leads to performance degradation and, more importantly, security vulnerabilities. Interference can leak important information ranging from the placement of a service to confidential data, like private keys. We present Bolt, a practical system that accurately detects the type and characteristics of applications sharing a cloud platform, based on the interference an adversary sees on shared resources. Bolt leverages practical data mining techniques for detection that operate online and require 2-5 seconds. In a 40-server shared cluster, Bolt correctly detects 81% out of 108 diverse batch and interactive workloads. Extracting this information enables a wide spectrum of previouslyimpractical cloud attacks, including denial of service (DoS), resource freeing (RFA) and co-residency attacks. For example, Bolt can successfully launch difficult to detect, host-based DoS attacks, with only a fraction of the resources and time needed by a conventional distributed DoS that cause the tail latency of the victim to increase by up to 140x. Finally, we show that, while advanced isolation techniques, such as cache partitioning, lower detection accuracy, they are insufficient to eliminate these vulnerabilities. To do so, one must either disallow core sharing, or only allow it between threads of the same application, leading to significant inefficiencies and performance penalties respectively.