Abstract
The increased sharing of computational resources elevates the risk of side channels and covert channels, where an entity’s security is affected by the entities with which it is co-located. This introduces a strong demand for mechanisms that can effectively isolate individual computations. Such mechanisms should be efficient, allowing resource utilisation to be maximised despite isolation.
In this work, we develop a model for uniformly describing isolation, co-location and containment relationships between entities at multiple levels of a computer’s architecture and at different granularities. In particular, we examine the formulation of constraints on co-location and placement using partial specifications, as well as the cost of maintaining isolation guarantees on dynamic systems. We apply the model to a number of established attacks and mitigations.
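As an added illustration (this is not the paper's model or code; the host/socket/core levels, the tenant-based constraints and the first-fit placement policy are assumptions made here), the following Python sketch shows the kind of relationships the abstract describes: a containment tree over architectural levels, entities placed at its leaves, co-location constraints that may be partial ("no core shared with any other tenant") or specific ("no socket shared with tenant C"), a constraint-respecting placement routine, and a check that re-evaluates the constraints after a migration on a dynamic system.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed example: a containment hierarchy (host > socket > core),
# entities placed in leaf containers, and isolation constraints on levels.


@dataclass(eq=False)
class Node:
    """One container in the architecture tree (identity-based equality)."""
    name: str
    level: str                      # e.g. "host", "socket", "core"
    parent: Optional["Node"] = None
    children: list = field(default_factory=list)

    def add(self, name: str, level: str) -> "Node":
        child = Node(name, level, parent=self)
        self.children.append(child)
        return child

    def ancestors(self):
        n = self
        while n is not None:
            yield n
            n = n.parent

    def leaves(self) -> list:
        if not self.children:
            return [self]
        return [leaf for c in self.children for leaf in c.leaves()]


@dataclass(eq=False)
class Entity:
    name: str
    tenant: str
    slot: Optional[Node] = None     # leaf container it currently occupies


@dataclass(frozen=True)
class Constraint:
    subject: str                    # tenant demanding isolation
    level: str                      # no container of this level may be shared
    other: Optional[str] = None     # specific tenant, or None = any other tenant


def shared_levels(a: Node, b: Node) -> set:
    """Levels at which two leaves sit inside the same container."""
    return {n.level for n in set(a.ancestors()) & set(b.ancestors())}


def constraint_applies(c: Constraint, e1: Entity, e2: Entity) -> bool:
    if e1.tenant == e2.tenant or e1.tenant != c.subject:
        return False
    return c.other is None or e2.tenant == c.other


def violations(entities, constraints) -> list:
    """All (constraint, subject entity, co-located entity) triples broken now."""
    out = []
    placed = [e for e in entities if e.slot is not None]
    for e1 in placed:
        for e2 in placed:
            if e1 is e2:
                continue
            levels = shared_levels(e1.slot, e2.slot)
            for c in constraints:
                if constraint_applies(c, e1, e2) and c.level in levels:
                    out.append((c, e1.name, e2.name))
    return out


def place(entity: Entity, root: Node, entities, constraints) -> Optional[Node]:
    """First-fit placement of `entity` (must already be in `entities`)."""
    for leaf in root.leaves():
        entity.slot = leaf
        if not [v for v in violations(entities, constraints) if entity.name in v[1:]]:
            return leaf
    entity.slot = None
    return None


def build_demo():
    host = Node("host0", "host")
    for s in range(2):
        sock = host.add(f"socket{s}", "socket")
        for c in range(2):
            sock.add(f"s{s}c{c}", "core")
    a, b, c = Entity("vm-a", "A"), Entity("vm-b", "B"), Entity("vm-c", "C")
    entities = [a, b, c]
    constraints = [
        Constraint("A", "core"),               # partial: A vs. anyone, core level
        Constraint("B", "socket", other="C"),  # specific: B vs. C, socket level
    ]
    placements = {e.name: place(e, host, entities, constraints).name for e in entities}
    # Dynamic change: migrate vm-a onto vm-c's core and re-check the guarantees.
    a.slot = c.slot
    after = [(v[0].subject, v[0].level, v[1], v[2])
             for v in violations(entities, constraints)]
    # A host-level demand cannot be met on a single host: placement fails.
    d = Entity("vm-d", "D")
    entities.append(d)
    constraints.append(Constraint("D", "host"))
    unplaceable = place(d, host, entities, constraints) is None
    return placements, after, unplaceable


if __name__ == "__main__":
    print(build_demo())
```

The `other=None` form is the partial specification: it constrains the subject against every tenant it does not name. Re-running `violations` after the migration is the dynamic-system check, and the failed placement of `vm-d` shows that a strict isolation demand can leave no admissible slot at all, which is the utilisation cost the abstract refers to.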
This work was supported by the German Federal Ministry of Education and Research (BMBF) within EC SPRIDE. At the time this research was conducted, Eric Bodden was at Fraunhofer SIT and Technische Universität Darmstadt.
© 2016 Springer-Verlag Berlin Heidelberg
Cite this paper
Falzon, K., Bodden, E. (2016). Towards a Comprehensive Model of Isolation for Mitigating Illicit Channels. In: Piessens, F., Viganò, L. (eds) Principles of Security and Trust. POST 2016. Lecture Notes in Computer Science(), vol 9635. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-49635-0_7
DOI: https://doi.org/10.1007/978-3-662-49635-0_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-49634-3
Online ISBN: 978-3-662-49635-0