Dynamically Provisioning Isolation in Hierarchical Architectures

  • Conference paper
Information Security (ISC 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9290)

Abstract

Physical isolation provides tenants in a cloud with strong security guarantees, yet dedicating entire machines to tenants would go against cloud computing’s tenet of consolidation. A fine-grained isolation model allowing tenants to request fractions of dedicated hardware can provide similar guarantees at a lower cost.

In this work, we investigate the dynamic provisioning of isolation at various levels of a system’s architecture, primarily at the core, cache, and machine level, as well as their virtualised equivalents. We evaluate recent technological developments, including post-copy VM migration and OS containers, and show how they assist in improving reconfiguration times and utilisation. We incorporate these concepts into a unified framework, dubbed SafeHaven, and apply it to two case studies, showing its efficacy both in a reactive, as well as an anticipatory role. Specifically, we describe its use in detecting and foiling a system-wide covert channel in a matter of seconds, and in implementing a multi-level moving target defence policy.

This work was supported by the BMBF within EC SPRIDE, by the Hessian LOEWE excellence initiative within CASED, and by the DFG Collaborative Research Center CROSSING.

Notes

  1. https://git.cs.umu.se/cklein/libvirt

Author information

Correspondence to Kevin Falzon.

A Appendix: Migration Frequency and Performance

Table 3. Effect of migration frequency on performance when running at capacity.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Falzon, K., Bodden, E. (2015). Dynamically Provisioning Isolation in Hierarchical Architectures. In: Lopez, J., Mitchell, C. (eds) Information Security. ISC 2015. Lecture Notes in Computer Science, vol 9290. Springer, Cham. https://doi.org/10.1007/978-3-319-23318-5_5

  • DOI: https://doi.org/10.1007/978-3-319-23318-5_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23317-8

  • Online ISBN: 978-3-319-23318-5

  • eBook Packages: Computer Science, Computer Science (R0)
