
Towards a Comprehensive Model of Isolation for Mitigating Illicit Channels

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9635)

Abstract

The increased sharing of computational resources elevates the risk of side channels and covert channels, where an entity’s security is affected by the entities with which it is co-located. This introduces a strong demand for mechanisms that can effectively isolate individual computations. Such mechanisms should be efficient, allowing resource utilisation to be maximised despite isolation.

In this work, we develop a model for uniformly describing isolation, co-location and containment relationships between entities at multiple levels of a computer’s architecture and at different granularities. In particular, we examine the formulation of constraints on co-location and placement using partial specifications, as well as the cost of maintaining isolation guarantees on dynamic systems. We apply the model to a number of established attacks and mitigations.

This work was supported by the German Federal Ministry of Education and Research (BMBF) within EC SPRIDE. At the time this research was conducted, Eric Bodden was at Fraunhofer SIT and Technische Universität Darmstadt.


Notes

  1. Introspection [19] can be used to characterise sub-confinements of a \(\mathbf {VM}\).

  2. Disabling hyperthreading was once common amongst cloud providers [33], although Amazon EC2 has recently foregone this practice [5].

References

  1. CRIU project page, January 2016. http://criu.org/Main_Page

  2. Libvirt project page, January 2016. http://libvirt.org/

  3. Adams, K., Agesen, O.: A comparison of software and hardware techniques for x86 virtualization. In: Proceedings of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 2–13. ASPLOS XII. ACM, New York (2006). http://doi.acm.org/10.1145/1168857.1168860

  4. Afoulki, Z., Rouzaud-Cornabas, J.: A security-aware scheduler for virtual machines on IaaS clouds. Technical report LIFO, ENSI de Bourges (2011)

  5. Amazon: Amazon EC2 instances, April 2015. https://aws.amazon.com/ec2/instance-types/

  6. Azar, Y., Kamara, S., Menache, I., Raykova, M., Shepard, B.: Co-location-resistant clouds. In: Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security, pp. 9–20. CCSW 2014. ACM, New York (2014). http://doi.acm.org/10.1145/2664168.2664179

  7. Backes, M., Köpf, B., Rybalchenko, A.: Automatic discovery and quantification of information leaks. In: Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, SP 2009, pp. 141–153. IEEE Computer Society, Washington, DC (2009). http://dx.doi.org/10.1109/SP.2009.18

  8. Barbanera, F., Bugliesi, M., Dezani-Ciancaglini, M., Sassone, V.: A calculus of bounded capacities. In: Saraswat, V.A. (ed.) ASIAN 2003. LNCS, vol. 2896, pp. 205–223. Springer, Heidelberg (2003)

  9. Baumann, A., Peinado, M., Hunt, G.: Shielding applications from an untrusted cloud with haven. In: 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2014), pp. 267–283. USENIX Association, Broomfield, October 2014. https://www.usenix.org/conference/osdi14/technical-sessions/presentation/baumann

  10. Bijon, K.Z., Krishnan, R., Sandhu, R.: A formal model for isolation management in cloud infrastructure-as-a-service. In: Au, M.H., Carminati, B., Kuo, C.-C.J. (eds.) NSS 2014. LNCS, vol. 8792, pp. 41–53. Springer, Heidelberg (2014)

  11. Bleikertz, S., Groß, T., Mödersheim, S.: Automated verification of virtualized infrastructures. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW 2011, pp. 47–58. ACM, New York (2011). http://doi.acm.org/10.1145/2046660.2046672

  12. Bleikertz, S., Groß, T., Mödersheim, S.: Modeling and analysis of dynamic infrastructure clouds. Technical report, IBM Zurich, December 2013

  13. Bleikertz, S., Vogel, C., Groß, T.: Cloud radar: near real-time detection of security failures in dynamic virtualized infrastructures. In: Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC 2014, pp. 26–35. ACM, New York (2014). http://doi.acm.org/10.1145/2664243.2664274

  14. Bleikertz, S., Groß, T.: A virtualization assurance language for isolation and deployment. In: POLICY, pp. 33–40. IEEE Computer Society (2011). http://dblp.uni-trier.de/db/conf/policy/policy2011.html#BleikertzG11

  15. Braghin, C., Cortesi, A., Focardi, R.: Security boundaries in mobile ambients. Comput. Lang. Syst. Struct. 28(1), 101–127 (2002). Computer Languages and Security. http://www.sciencedirect.com/science/article/pii/S0096055102000097

  16. Broquedis, F., Clet-Ortega, J., Moreaud, S., Furmento, N., Goglin, B., Mercier, G., Thibault, S., Namyst, R.: hwloc: a generic framework for managing hardware affinities in HPC applications. In: The 18th Euromicro International Conference on Parallel, Distributed and Network-Based Computing, PDP 2010. IEEE, Pisa, February 2010. https://hal.inria.fr/inria-00429889

  17. Cardelli, L., Gordon, A.D.: Mobile ambients. In: Proceedings of POPL 1998. ACM Press (1998)

  18. Caron, E., Rouzaud-Cornabas, J.: Improving users’ isolation in IaaS: virtual machine placement with security constraints. Research report RR-8444, INRIA, January 2014. https://hal.inria.fr/hal-00924296

  19. Dolan-Gavitt, B., Leek, T., Hodosh, J., Lee, W.: Tappan zee (north) bridge: mining memory accesses for introspection. In: ACM CCS 2013, pp. 839–850. ACM, New York (2013). http://doi.acm.org/10.1145/2508859.2516697

  20. Doychev, G., Feld, D., Köpf, B., Mauborgne, L., Reineke, J.: Cacheaudit: A tool for the static analysis of cache side channels. In: Proceedings of the 22nd USENIX Conference on Security, SEC 2013, pp. 431–446. USENIX Association, Berkeley (2013). http://dl.acm.org/citation.cfm?id=2534766.2534804

  21. Falzon, K., Bodden, E.: Dynamically provisioning isolation in hierarchical architectures. In: López, J., Mitchell, C.J. (eds.) ISC 2015. LNCS, vol. 9290, pp. 83–101. Springer, Heidelberg (2015). http://dx.doi.org/10.1007/978-3-319-23318-5_5

  22. Gao, X., Xiao, B., Tao, D., Li, X.: A survey of graph edit distance. Pattern Anal. Appl. 13(1), 113–129 (2010). http://dx.doi.org/10.1007/s10044-008-0141-y

  23. Gueron, S.: Intel advanced encryption standard (aes) new instructions set, May 2010. http://www.intel.com/content/dam/doc/white-paper/advanced-encryption-standard-new-instructions-set-paper.pdf

  24. Hu, W.M.: Reducing timing channels with fuzzy time. In: Proceedings, 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991, pp. 8–20, May 1991

  25. Jarraya, Y., Eghtesadi, A., Debbabi, M., Zhang, Y., Pourzandi, M.: Cloud calculus: security verification in elastic cloud computing platform. In: Smari, W.W., Fox, G.C. (eds.) CTS, pp. 447–454. IEEE (2012). http://dblp.uni-trier.de/db/conf/cts/cts2012.html#JarrayaEDZP12

  26. Kim, T., Peinado, M., Mainar-Ruiz, G.: Stealthmem: system-level protection against cache-based side channel attacks in the cloud. In: 21st USENIX Conference on Security Symposium. Security 2012. USENIX Association, Berkeley (2012). http://dl.acm.org/citation.cfm?id=2362793.2362804

  27. Li, P., Gao, D., Reiter, M.: Mitigating access-driven timing channels in clouds using stopwatch. In: 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 1–12, June 2013

  28. Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006). http://dx.doi.org/10.1007/11605805_1

  29. Priebe, C., Muthukumaran, D., O’Keeffe, D., Eyers, D., Shand, B., Kapitza, R., Pietzuch, P.: Cloudsafetynet: detecting data leakage between cloud tenants. In: ACM Cloud Computing Security Workshop (CCSW). ACM, Scottsdale, November 2014

  30. Raj, H., Nathuji, R., Singh, A., England, P.: Resource management for isolation enhanced cloud services. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW 2009, pp. 77–84. ACM, New York (2009). http://doi.acm.org/10.1145/1655008.1655019

  31. Varadarajan, V., Kooburat, T., Farley, B., Ristenpart, T., Swift, M.M.: Resource-freeing attacks: improve your cloud performance (at your neighbor’s expense). In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 281–292. ACM, New York (2012). http://doi.acm.org/10.1145/2382196.2382228

  32. Varadarajan, V., Ristenpart, T., Swift, M.: Scheduler-based defenses against cross-vm side-channels. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 687–702. USENIX Association, San Diego, August 2014. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/varadarajan

  33. Wu, Z., Xu, Z., Wang, H.: Whispers in the hyper-space: high-speed covert channel attacks in the cloud. In: 21st USENIX Conference on Security Symposium, Security 2012, pp. 159–173. USENIX Association, Berkeley (2012). http://dl.acm.org/citation.cfm?id=2362793.2362802

  34. Zhang, Y., Juels, A., Oprea, A., Reiter, M.K.: Homealone: Co-residency detection in the cloud via side-channel analysis. In: IEEE S&P 2011, pp. 313–328. IEEE Computer Society, Washington, DC (2011). http://dx.doi.org/10.1109/SP.2011.31

  35. Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-vm side channels and their use to extract private keys. In: ACM CCS 2012, pp. 305–316. ACM, New York (2012). http://doi.acm.org/10.1145/2382196.2382230

  36. Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-tenant side-channel attacks in paas clouds. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 990–1003. ACM, New York (2014). http://doi.acm.org/10.1145/2660267.2660356

  37. Zhang, Y., Reiter, M.K.: Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud. In: ACM CCS 2013, pp. 827–838. ACM, New York (2013). http://doi.acm.org/10.1145/2508859.2516741


Author information

Correspondence to Kevin Falzon.

Copyright information

© 2016 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Falzon, K., Bodden, E. (2016). Towards a Comprehensive Model of Isolation for Mitigating Illicit Channels. In: Piessens, F., Viganò, L. (eds.) Principles of Security and Trust. POST 2016. Lecture Notes in Computer Science, vol. 9635. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-49635-0_7


  • DOI: https://doi.org/10.1007/978-3-662-49635-0_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-49634-3

  • Online ISBN: 978-3-662-49635-0

  • eBook Packages: Computer Science (R0)
