Files in this item

File: TAHIR-THESIS-2015.pdf (1MB, application/pdf), Restricted to U of Illinois
Description: (no description provided)
Format: PDF

Description

Title: Sneak-peek: high speed covert channels in data center networks
Author(s): Tahir, Rashid
Advisor(s): Caesar, Matthew C.
Department / Program: Computer Science
Discipline: Computer Science
Degree Granting Institution: University of Illinois at Urbana-Champaign
Degree: M.S.
Genre: Thesis
Subject(s): Covert Channels; Data Center Networks; Clouds; Software Defined Networking (SDN)
Abstract: With the advent of big data, modern businesses face an increasing need to store and process large volumes of sensitive customer information on the cloud. In these environments, resources are shared across a multitude of mutually untrusting tenants, increasing the propensity for data leakage. With the recent spate of high-profile data exfiltration attacks and the emergence of critical vulnerabilities such as Heartbleed and Shellshock, coupled with increasing use of clouds in all aspects of our daily lives, this problem stands to grow further in severity. In this thesis, we present a novel network-based covert channel that can arise in the context of shared network resources in data-center environments even in the presence of network monitors regulating flow destinations with NAC policies and VLAN-based isolation mechanisms. Through a series of experiments on diverse network hardware (including SDNs) and commercial clouds such as EC2 and Azure, we demonstrate that our network-based channel achieves orders of magnitude greater bit rates than reported in any recent literature. Furthermore, we present an information-theoretic framework to model and study the channel. Using this model, we derive an upper bound on the information rate of the channel and propose a coding scheme that nearly achieves this upper bound. Additionally, we introduce some techniques to make the covert channel robust to noise, and empirically study its performance in the presence of realistic cross-traffic. Finally, we discuss several avenues for mitigation, and demonstrate the effectiveness of our schemes both empirically and mathematically.
Issue Date: 2015-10-29
Type: Thesis
URI: http://hdl.handle.net/2142/89281
Rights Information: Copyright 2015 Rashid Tahir
Date Available in IDEALS: 2016-03-08
Date Deposited: 2015-12

