Public infrastructure-as-a-service clouds, such as Amazon EC2, Google Compute Engine
(GCE) and Microsoft Azure allow clients to run virtual machines (VMs) on shared physical …

Cloud providers routinely schedule multiple applications per physical host to increase
efficiency. The resulting interference on shared resources often leads to performance …

The cloud concept promises computing as a utility. More and more functions are moved to
cloud environments. But this transition comes at a cost: security and privacy solutions have …

We introduce a new microarchitectural timing covert channel using the processor memory
order buffer (MOB). Specifically, we show how an adversary can infer the state of a spy …

This article presents StopWatch, a system that defends against timing-based side-channel
attacks that arise from coresidency of victims and attackers in infrastructure-as-a-service …

Honeynet and honeypot originate as network security tools to collect attack information
during the network being compromised. With the development of virtualization and software …

Drawing upon the expertise of world-renowned researchers and experts, The Cloud Security
Ecosystem comprehensively discusses a range of cloud security topics from multi …

We present a new technique, which we call socket overloading, that we apply for off-path
attacks on DNS. Socket overloading consists of short, low-rate, bursts of inbound packets …

Abstract Public Platform-as-a-Service (PaaS) clouds are always multi-tenant. Applications
from different tenants may reside on the same physical machine, which introduces the risk of …

In cloud computing, network Denial of Service (DoS) attacks are well studied and defenses
have been implemented, but severe DoS attacks on a victim's working memory by a single …