Abstract
Physical isolation provides tenants in a cloud with strong security guarantees, yet dedicating entire machines to tenants would go against cloud computing’s tenet of consolidation. A fine-grained isolation model allowing tenants to request fractions of dedicated hardware can provide similar guarantees at a lower cost.
In this work, we investigate the dynamic provisioning of isolation at various levels of a system's architecture, primarily at the core, cache, and machine level, as well as their virtualised equivalents. We evaluate recent technological developments, including post-copy VM migration and OS containers, and show how they help to improve reconfiguration times and utilisation. We incorporate these concepts into a unified framework, dubbed SafeHaven, and apply it to two case studies, showing its efficacy in both a reactive and an anticipatory role. Specifically, we describe its use in detecting and foiling a system-wide covert channel in a matter of seconds, and in implementing a multi-level moving target defence policy.
This work was supported by the BMBF within EC SPRIDE, by the Hessian LOEWE excellence initiative within CASED, and by the DFG Collaborative Research Center CROSSING.
A Appendix: Migration Frequency and Performance
© 2015 Springer International Publishing Switzerland
Falzon, K., Bodden, E. (2015). Dynamically Provisioning Isolation in Hierarchical Architectures. In: Lopez, J., Mitchell, C. (eds) Information Security. ISC 2015. Lecture Notes in Computer Science(), vol 9290. Springer, Cham. https://doi.org/10.1007/978-3-319-23318-5_5
DOI: https://doi.org/10.1007/978-3-319-23318-5_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23317-8
Online ISBN: 978-3-319-23318-5