nomad mitigating arbitrary cloud side channels via
play

Nomad : Mitigating Arbitrary Cloud Side Channels via - PowerPoint PPT Presentation

Jan 08, 2024 •188 likes •919 views

Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar Michael K. Reiter Context: Infrastructure-as-a-Service Clouds Client API Cloud Controller VM VM Machine VM VM VM Machine Machine

  1. Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar Michael K. Reiter

  2. Context: Infrastructure-as-a-Service Clouds Client API Cloud Controller VM VM Machine VM VM VM Machine Machine

  3. Information Leakage via Co-Residency Co-Residency Cloud Controller VM VM Machine

  4. Information Leakage via Co-Residency Co-Residency Cloud Controller Shared resources VM VM Machine Shared Resources

  5. Information Leakage via Co-Residency Co-Residency Cloud Controller Shared resources Side Channels VM VM Machine Shared Resources

  6. Information Leakage via Co-Residency Co-Residency Cloud Controller Shared resources Side Channels VM VM Machine Information Leakage Shared Resources

  7. Limitations of Current Defenses 1. Requires significant/detailed upgrades OS OS e.g., Noise injection Hypervisor e.g., Deterministic execution Hardware e.g., New cache design 2. Attack-specific Proposed defense includes but not limited to: Y. Zhang et al., CCS2013; T. Kim et al., USENIXSec 2012; F. Liu and R. Lee, Micro 2014

  8. Limitations of Current Defenses 1. Requires significant/detailed upgrades OS OS e.g., Noise injection Hypervisor e.g., Deterministic execution Hardware e.g., New cache design 2. Attack-specific What about future side-channel attacks? Proposed defense includes but not limited to: Y. Zhang et al., CCS2013; T. Kim et al., USENIXSec 2012; F. Liu and R. Lee, Micro 2014

  9. Ideal Properties 1) General 2) Immediately deployable

  10. Ideal Properties 1) General 2) Immediately deployable Single-tenancy?

  11. Ideal Properties 1) General 2) Immediately deployable Single-tenancy?

  12. Nomad Ideas 1) General 2) Immediately deployable

  13. Nomad Ideas 1) General Tackle root-cause → Minimize co-residency 2) Immediately deployable

  14. Nomad Ideas 1) General Tackle root-cause → Minimize co-residency 2) Immediately deployable Migration

  15. Nomad Vision: Migration-as-a-Service Provider-assisted • Cloud Controller VM VM VM VM Machine Machine Machine

  16. Nomad Vision: Migration-as-a-Service Provider-assisted • Cloud Controller Move VMs {…} VM VM VM VM Machine Machine Machine

  17. Nomad Vision: Migration-as-a-Service Opt-in Service • Service offering Cloud Clients Provider Opt-in? Provider-assisted • Cloud Controller Move VMs {…} VM VM VM VM Machine Machine Machine

  18. Nomad Practical Challenges Logic Characterize information leakage due to co-residency Cloud Controller VM VM VM VM Machine Machine Machine

  19. Nomad Practical Challenges Scalable Design Logic e.g., can Amazon EC2 run this? Characterize information leakage due to co-residency Cloud Controller VM VM VM VM Machine Machine Machine

  20. Nomad Practical Challenges Scalable Design Logic e.g., can Amazon EC2 run this? Characterize information leakage due to co-residency Practical Impact (cloud) Minimal modifications? Cloud Controller VM VM VM VM Machine Machine Machine

  21. Nomad Practical Challenges Scalable Design Logic e.g., can Amazon EC2 run this? Characterize information leakage due to co-residency Practical Impact (cloud) Minimal modifications? Cloud Controller VM VM VM VM Machine Machine Machine Practical Impact (applications) 1) Advancement of VM migration techniques 2) Many cloud workloads with in-built resilience to migration

  22. Our Work 1. Idea General side-channel defense via migration

  23. Our Work 1. Idea 2. Logic Characterize information General side-channel leakage due to co-residency defense via migration

  24. Our Work 1. Idea 2. Logic Characterize information General side-channel leakage due to co-residency defense via migration 3. Scalable Design Scalable VM migration strategy that can handle large cloud deployments

  25. Our Work 1. Idea 2. Logic Characterize information General side-channel leakage due to co-residency defense via migration 3. Scalable Design Scalable VM migration strategy that can handle large cloud deployments 4. Practical Impact Practical OpenStack implementation with minimal modifications

  26. Our Work 1. Idea 2. Logic Characterize information General side-channel leakage due to co-residency defense via migration 3. Scalable Design Scalable VM migration strategy that can handle large cloud deployments 4. Practical Impact Practical OpenStack implementation with minimal modifications

  27. Threat Model Objective: Extract secrets via co-residency • Can use any kind of resource • Can launch/terminate VMs at will • VMs of a given client can collaborate

  28. Threat Model Objective: Extract secrets via co-residency • Can use any kind of resource • Can launch/terminate VMs at will • VMs of a given client can collaborate • Cannot control VM placement • No info. sharing across distinct clients

  29. Threat Model Objective: Extract secrets via co-residency • Can use any kind of resource • Can launch/terminate VMs at will • VMs of a given client can collaborate • Cannot control VM placement • No info. sharing across distinct clients ? Don’t know which other clients are malicious • Provider

  30. Information Leakage (InfoLeak) Model InfoLeak ? Clients

  31. Information Leakage (InfoLeak) Model InfoLeak ? Clients Replicated? (R or NR) R B2 B1 VM-level view

  32. Information Leakage (InfoLeak) Model InfoLeak ? Clients Replicated? (R or NR) R B2 B1 VM-level view NR B1 B2

  33. Information Leakage (InfoLeak) Model InfoLeak ? Clients Replicated? (R or NR) Collaborating? (C or NC) C R R1 R2 B2 B1 VM-level view NR B1 B2

  34. Information Leakage (InfoLeak) Model InfoLeak ? Clients Replicated? (R or NR) Collaborating? (C or NC) C R R1 R2 B2 B1 VM-level view NR NC R2 R1 B1 B2

  35. Information Leakage ( InfoLeak ) Model Replicated? NR R <NR,NC> <R,NC> NC Least InfoLeak Collaborating? Most InfoLeak C <NR,C> <R,C>

  36. Our Work 1. Idea 2. Logic Characterize information General side-channel leakage due to co-residency defense via migration 3. Scalable Design Scalable VM migration strategy that can handle large cloud deployments 4. Practical Impact Practical OpenStack implementation with minimal modifications

  37. System Overview Cloud Controller Move VMs {…} VM VM VM VM Machine Machine Machine

  38. System Overview Deployment model (e.g., <NR,NC>) Cloud Clients Provider Opt-in? Cloud Controller Move VMs {…} VM VM VM VM Machine Machine Machine

  39. Operational Timeline 1 epoch = D time units Time (epoch) Sliding Window of ∆ epochs Run placement algorithm every epoch

  40. Operational Timeline 1 epoch = D time units Time (epoch) Sliding Window of ∆ epochs Run placement algorithm every epoch Side-channel Parameters: • K: Information leakage rate (i.e., bits per time unit) • P: secret length (i.e., bits)

  41. Operational Timeline 1 epoch = D time units Time (epoch) Sliding Window of ∆ epochs Run placement algorithm every epoch Extracted secret (bits) if two VMs are co-resident for ∆ epochs Provider chooses D and ∆ to AT LEAST satisfy: D * ∆ * K < P

  42. Placement Algorithm Deployment Client Model Recent VM Workloads & (e.g.,<NR,NC>) Placements Constraints Placement Algorithm VM Placement

  43. � Placement Algorithm Deployment Client Model Recent VM Workloads & (e.g.,<NR,NC>) Placements Constraints Goal (per epoch): Minimize a global sum of a client- pair InfoLeak across past ∆ epochs Placement i.e., Algorithm ! 𝐽𝑜𝑔𝑝𝑀𝑓𝑏𝑙 * →* - ([𝑢 − ∆, 𝑢]) *,*7 subject to a fixed migration budget VM Placement

  44. � Placement Algorithm Deployment Client F (Deployment Model) Model Recent VM Workloads & (e.g.,<NR,NC>) Placements Constraints Goal (per epoch): Minimize a global sum of a client- pair InfoLeak across past ∆ epochs Placement i.e., Algorithm ! 𝐽𝑜𝑔𝑝𝑀𝑓𝑏𝑙 * →* - ([𝑢 − ∆, 𝑢]) *,*7 subject to a fixed migration budget VM Placement

  45. � Placement Algorithm Deployment Client F (Deployment Model) Model Recent VM Workloads & (e.g.,<NR,NC>) Placements Constraints Goal (per epoch): Minimize a global sum of a client- pair InfoLeak across past ∆ epochs Placement i.e., Algorithm ! 𝐽𝑜𝑔𝑝𝑀𝑓𝑏𝑙 * →* - ([𝑢 − ∆, 𝑢]) *,*7 subject to a fixed migration budget VM Placement F (Network Capacity)

  46. Challenge: Scalability Inputs Should handle tens of thousands of servers Placement Algorithm VM Placement

  47. Challenge: Scalability Inputs Should handle tens of thousands of servers ILP (Integer Linear Programming) • Placement Algorithm For 40 machines, D > 1 day VM Placement

  48. Challenge: Scalability Inputs Should handle tens of thousands of servers ILP (Integer Linear Programming) • Placement Algorithm For 40 machines, D > 1 day VM Placement

  49. Challenge: Scalability Inputs Should handle tens of thousands of servers ILP (Integer Linear Programming) • Placement Algorithm For 40 machines, D > 1 day Basic Greedy • For 400 machines, D > 1 day VM Placement

Recommend

Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon,

Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon,

Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar Michael K. Reiter Co-residency side-channel attacks in clouds Stealing secrets (e.g., keys) VM VM VM Machine Machine Many

1.03k views • 69 slides
Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab Assignment Handout on course website Each (regular) student will receive an email Solo or 2-person group Individual GitHub repo

978 views • 42 slides
Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab Assignment Handout on course website Each (regular) student will receive an email Solo or 2-person group Individual GitHub repo

1.24k views • 102 slides
Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems

Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems

Side Channels Covert Channels References Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems (ICS), Mid Sweden University, Sundsvall. 1st May 2017 Daniel Bosk MIUN ICS Side Channels and Covert

689 views • 32 slides
Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni

Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni

Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes, Aurlien Francillon Whats this all about? - A nov novel attack ex exploiting g EM side

886 views • 77 slides
Exploiting Out-of-Order-Execution Processor Side Channels to Enable Cross VM Code Execution Sophia

Exploiting Out-of-Order-Execution Processor Side Channels to Enable Cross VM Code Execution Sophia

Exploiting Out-of-Order-Execution Processor Side Channels to Enable Cross VM Code Execution Sophia DAntoine REcon 2015 The Cloud 06/19/2015 Exploiting Out-of-Order-Execution 2/46 Cloud Computing (IaaS) Virtual instances Hypervisors

491 views • 46 slides
NOMAD 70m Oceanfast AVAILABLE FOR CHARTER 2019 1 NOMAD 70m Oceanfast Main Salon 2 NOMAD

NOMAD 70m Oceanfast AVAILABLE FOR CHARTER 2019 1 NOMAD 70m Oceanfast Main Salon 2 NOMAD

NOMAD 70m Oceanfast AVAILABLE FOR CHARTER 2019 1 NOMAD 70m Oceanfast Main Salon 2 NOMAD 70m Oceanfast Main Salon NOMAD 70m Oceanfast Hall NOMAD 70m Oceanfast Formal Dining NOMAD 70m Oceanfast Owners suite NOMAD 70m Oceanfast

360 views • 19 slides
Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy US DoD 1985 Basically a

1.04k views • 67 slides
FUCHSIA: Data-Driven Debugging for Functional Side Channels Saeid Tizpaz-Niari* , Pavol Cerny,

FUCHSIA: Data-Driven Debugging for Functional Side Channels Saeid Tizpaz-Niari* , Pavol Cerny,

FUCHSIA: Data-Driven Debugging for Functional Side Channels Saeid Tizpaz-Niari* , Pavol Cerny, Ashutosh Trivedi *University of Colorado Boulder Functional Case Motivation Side Channels Studies Functional Case Motivation Side Channels

366 views • 24 slides
Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel Snooping Scenario: Ann the Attacker works in a building across the street from Victor the Victim. Late one night Ann can see Victor hard at work in

727 views • 44 slides
How to become a Successful Digital Nomad JohnnyFD.com 2 Successful Digital Nomad = Making

How to become a Successful Digital Nomad JohnnyFD.com 2 Successful Digital Nomad = Making

How to become a Successful Digital Nomad JohnnyFD.com 2 Successful Digital Nomad = Making enough money location independently to have the time and freedom to travel and work when and where you choose. 3 Actually Living the 4-hour

1.41k views • 27 slides
CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia

CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia

CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Dan Boneh, Stefan Savage Reminder: Side-channel attacks You saw before how timing

1.37k views • 81 slides
Protecting Your Blind Side: A Lessons Learned Guide to Mitigating Contract Risk October 17, 2018

Protecting Your Blind Side: A Lessons Learned Guide to Mitigating Contract Risk October 17, 2018

Prepared by WilmerHale for: Protecting Your Blind Side: A Lessons Learned Guide to Mitigating Contract Risk October 17, 2018 PRESENTED BY: ANDREW E. SHIPLEY MELISSA COX PARTNER CORPORATE COUNSEL, LITIGATION Wilmer Cutler Pickering Hale and

465 views • 34 slides
Loose Ends: Side Channels, Government Surveillance &amp; Targeted

Loose Ends: Side Channels, Government Surveillance &amp; Targeted

CSE 484 / CSE M 584: Computer Security and Privacy Loose Ends: Side Channels, Government Surveillance &amp; Targeted Attacks Spring 2015 Franziska

622 views • 27 slides
Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer Security Transient execution and kernel isolation: Meltdown Day 11: Side Channels and Transient Execution Stephen McCamant Transient execution and kernel

496 views • 4 slides
Off-Path Round Trip Time Measurement via TCP/IP Side Channels Geoffrey Alexander and Jedidiah R.

Off-Path Round Trip Time Measurement via TCP/IP Side Channels Geoffrey Alexander and Jedidiah R.

Off-Path Round Trip Time Measurement via TCP/IP Side Channels Geoffrey Alexander and Jedidiah R. Crandall University of New Mexico, USA How do you measure something? Interact directly T ake samples Multiple tests 2 Problem How

534 views • 26 slides
System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus Peinado, Gloria Mainar-Ruiz MIT CSAIL Microsoft Research Security is a big concern in cloud adoption Why are cache-based side channel

588 views • 38 slides
Isolation and side-channels Nadia Heninger and Deian Stefan Some slides adopted from John

Isolation and side-channels Nadia Heninger and Deian Stefan Some slides adopted from John

CSE 127: Computer Security Isolation and side-channels Nadia Heninger and Deian Stefan Some slides adopted from John Mitchell, Dan Boneh, and Stefan Savage Today Lecture objectives: Understand basic principles for building secure systems

1.08k views • 78 slides
Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher

Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher

Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder 1 st paper review due midnight on 09/27 (before the next lecture) You will receive an invitation from HotCRP

1.46k views • 78 slides
Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher

Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher

Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder 1 st paper review due midnight on 09/27 (before the next lecture) You will receive an invitation from HotCRP

561 views • 27 slides
Web Tracking (Continued) Side Channels Autumn 2018 Tadayoshi (Yoshi) Kohno

Web Tracking (Continued) Side Channels Autumn 2018 Tadayoshi (Yoshi) Kohno

CSE 484 / CSE M 584: Computer Security and Privacy Web Tracking (Continued) Side Channels Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli, John

737 views • 40 slides
Cache attacks: From side channels to fault attacks Clmentine Maurice CNRS, Rennes, France

Cache attacks: From side channels to fault attacks Clmentine Maurice CNRS, Rennes, France

Cache attacks: From side channels to fault attacks Clmentine Maurice CNRS, Rennes, France November 16, 2017 Cryptacus Workshop, Nijmegen, Netherlands the attacker only needs unprivileged execution on the victims machine

1.99k views • 164 slides
Cross-VM Side Channels and Their Use to Extract Private Keys Yinqian Zhang (UNC-Chapel Hill) Ari

Cross-VM Side Channels and Their Use to Extract Private Keys Yinqian Zhang (UNC-Chapel Hill) Ari

Cross-VM Side Channels and Their Use to Extract Private Keys Yinqian Zhang (UNC-Chapel Hill) Ari Juels (RSA Labs) Michael K. Reiter (UNC-Chapel Hill) Thomas Ristenpart (U Wisconsin-Madison) Motivation Security Isolation by Virtualization VM

775 views • 40 slides
From bottom to top: Exploiting hardware side channels in web browsers Cl ementine Maurice,

From bottom to top: Exploiting hardware side channels in web browsers Cl ementine Maurice,

From bottom to top: Exploiting hardware side channels in web browsers Cl ementine Maurice, Graz University of Technology July 4, 2017RMLL, Saint- Etienne, France Rennes Graz Cl ementine Maurice now postdoc at TU Graz, Austria PhD

2.37k views • 178 slides

More recommend