Dynamic Frequency-Based Fingerprinting Attacks against Modern Sandbox Environments

Titel in Übersetzung: Dynamische frequenzbasierte Fingerprinting Angriffe auf moderne Smandbox Umgebungen

Debopriya Roy Dipta*, Thore Tiemann, Berk Gülmezoğlu, Eduard Marin, Thomas Eisenbarth

*Korrespondierende/r Autor/-in für diese Arbeit

Abstract

The cloud computing landscape has evolved sig-nificantly in recent years, embracing various sandboxes to meet the diverse demands of modern cloud applications. These sandboxes encompass container-based technologies like Docker and gVisor, microVM-based solutions like Fire-cracker, and security-centric sandboxes relying on Trusted Execution Environments (TEEs) such as Intel SGX and AMD SEV. However, the practice of placing multiple tenants on shared physical hardware raises security and privacy concerns, most notably side-channel attacks. In this paper, we investigate the possibility of fingerprinting containers through CPU frequency reporting sensors in Intel and AMD CPUs. One key enabler of our attack is that the current CPU frequency information can be accessed by user-space attackers. We demonstrate that Docker images exhibit a unique frequency signature, enabling the distinction of different containers with up to 84.5 % accuracy even when multiple containers are running simultaneously in different cores. Additionally, we assess the effectiveness of our attack when performed against several sandboxes deployed in cloud environments, including Google's gVisor, AWS' Firecracker, and TEE-based platforms like Gramine (utilizing Intel SGX) and AMD SEV. Our empirical results show that these attacks can also be carried out successfully against all of these sandboxes in less than 40 seconds, with an accuracy of over 70 % in all cases. Finally, we propose a noise injection-based countermeasure to mitigate the proposed attack on cloud environments.
Titel in ÜbersetzungDynamische frequenzbasierte Fingerprinting Angriffe auf moderne Smandbox Umgebungen
OriginalspracheEnglisch
Titel9th IEEE European Symposium on Security and Privacy (EuroS&P 2024), July 8-12, 2024, Vienna, Austria
Seitenumfang18
Erscheinungsdatum2024
Seiten327-344
ISBN (Print)9798350354256
DOIs
PublikationsstatusVeröffentlicht - 2024

Zitieren