placement security of
play

Placement Security of New IaaS Cloud Providers SCSE01 Pan Yue - PowerPoint PPT Presentation

Mar 20, 2023 •539 likes •838 views

A Method for Evaluating Placement Security of New IaaS Cloud Providers SCSE01 Pan Yue Mentor: Dr. Ta Nguyen Binh Duong Overview Introduction to Problem Background research Experimental methodology Results and analysis Future development

  1. A Method for Evaluating Placement Security of New IaaS Cloud Providers SCSE01 Pan Yue Mentor: Dr. Ta Nguyen Binh Duong

  2. Overview Introduction to Problem Background research Experimental methodology Results and analysis Future development

  3. Introduction to Problem

  4. IaaS clouds -a popular model of cloud computing • Configurable computing resources shared over the internet • Hosts Virtual Machines (VM) on shared physical infrastructure (Multi-tenancy)

  5. Co-location Attacks - a security risk in IaaS Clouds data • Launched on victim VMs on the same physical host as attacker • Extract confidential data or degrade performance of victim

  6. Aims of research I. Examine an evaluation technique of IaaS cloud placement security (memory-bus locking) II. Explore how the findings can be applied to evaluate commercial IaaS cloud providers

  7. Background Research

  8. Co-location Attack Mechanism Victim VM Attacker VM Co-location Detection Request VM Attacker

  9. Co-location Detection • Covert side channel detection  create contention in shared hardware resources of host  cause observable performance degradation in victim Attacker Victim Intensive Normal Request request request delayed Shared hardware resource

  10. Co-location Detection • Memory bus locking  create contention in memory bus of host  observe degraded performance in accessing main memory Attacker Victim Continuous Access access to memory delayed main memory bus

  11. Evaluating Placement Security Susceptibility to co-location attacks indicates Susceptibility to co-location detection MAY test for memory bus locking

  12. Hypothesis Memory bus locking can achieve accurate co-location detection in both cooperative and uncooperative cases, and hence prove useful for evaluating placement security of IaaS cloud providers.

  13. Experimental Methodology

  14. Cooperative memory-bus locking • Lock and Probe model • two VMs set up on same local host • one locks memory-bus (attacker), one performs and measures affected task(victim)

  15. Cooperative experiment set-up memory shared bus hardware

  16. Locking: Implementation reference: github.com/jacnel/co-res

  17. Probing: Implementation reference: Varadarajan et al., 2017

  18. Uncooperative memory-bus locking • Lock and Probe model, revised • Attacker and victim VMs set up retained • Does not assume control over victim (cannot measure own performance) • A third VM (evaluator) on unknown host to measure victim’s performance

  19. Uncooperative experiment set-up • Victim: web server • Virtual host with public domain OR local host domain • Apache 2 • Evaluator • Accesses victim’s domain • Measures server performance • Apache Jmeter

  20. Experiment summary Attacker locks memory bus by executing Locking code cooperative uncooperative Victim performs task and Victim performs task and Evaluator measures own performance measures performance Observe performance degradation in victim to detect co-location

  21. Results and Analysis

  22. Cooperative experiment results Data collected as the number of CPU clock cycles required to execute one run of the probe program, taken for 100 runs

  23. Cooperative experiment results The average runtime with locking instance sees a 70% increase compared to without locking.  Performance degradation is apparent  Co-location successfully detected

  24. Conclusion for cooperative detection • Memory-bus locking can accurately detect co-location in the cooperative case • Hence, it can evaluate the placement security of IaaS clouds if a dedicated server can be purchased to ensure the co-location of lock and probe VMs

  25. Overall Conclusion Memory bus locking is an effective co-location detection technique in the cooperative case, which can be used for evaluating placement security in cloud providers under controlled conditions.

  26. Future Developments

  27. Future developments • Complete experiments for the uncooperative case • Apply memory-bus locking detection technique to commercial cloud providers

  28. Thank You

  29. Main References Varadarajan, V. (2015). A Placement Vulnerability Study in Multi-Tenant Public Clouds. USENIX. Delimitrou, C., & Kozyrakis, C. (2017). Bolt: I Know What You Did Last Summer...In the Cloud. ACM SIGOPS Operating Systems Review,51(2), 599-613. doi:10.1145/3093315.3037703 Han, Y., Chan, J., Alpcan, T., & Leckie, C. (2015). Using Virtual Machine Allocation Policies to Defend against Co-resident Attacks in Cloud Computing. IEEE Transactions on Dependable and Secure Computing,1-1. doi:10.1109/tdsc.2015.2429132 Nelson, J. (2017). Co-residency Detection and Memory Bus Locking. Ristenpart, T. (n.d.). Hey, You, Get Off of My Cloud: Exploring Information ... Retrieved from https://hovav.net/ucsd/dist/cloudsec.pdf Alibaba Cloud Ranks the World's Third Largest Cloud Services Provider for Two Consecutive Years. (n.d.). Retrieved from https://www.alibabacloud.com/press-room/alibaba-cloud-ranks- the-worlds-third-largest-cloud-services-provider-for-two-consecutive- time?spm=a2c5t.10695662.1996646101.searchclickresult.4a645316ZjqxGh

Recommend

TimberWolf 7.0 Placement Perform TimberWolf placement Based on the given standard cell

TimberWolf 7.0 Placement Perform TimberWolf placement Based on the given standard cell

TimberWolf 7.0 Placement Perform TimberWolf placement Based on the given standard cell placement Initial HPBB wirelength = 23 Practical Problems in VLSI Physical Design TimberWolf Placement (1/16) First Swap Swap node b and e

340 views • 16 slides
Fertilizer Deep Placement Technology A Useful Tool in Food Security Improvement Presentation

Fertilizer Deep Placement Technology A Useful Tool in Food Security Improvement Presentation

Fertilizer Deep Placement Technology A Useful Tool in Food Security Improvement Presentation Transcript April 24, 2013 Presenters Samba Kawa USAID/BFS Upendra Singh IFDC John H. Allgood IFDC Sponsor United States Agency for International

441 views • 18 slides
Automatic Placement of Authorization Hooks in the Linux Security Modules Framework Vinod

Automatic Placement of Authorization Hooks in the Linux Security Modules Framework Vinod

Automatic Placement of Authorization Hooks in the Linux Security Modules Framework Vinod Ganapathy vg@cs.wisc.edu University of Wisconsin, Madison Joint work with Trent Jaeger Somesh Jha tjaeger@cse.psu.edu jha@cs.wisc.edu Pennsylvania

604 views • 41 slides
VLSI Placement Sadiq M. Sait & Habib Youssef December 1995 Placement Placement is the

VLSI Placement Sadiq M. Sait & Habib Youssef December 1995 Placement Placement is the

King Fahd University of Petroleum & Minerals College of Computer Sciences & Engineering Department of Computer Engineering VLSI Placement Sadiq M. Sait & Habib Youssef December 1995 Placement Placement is the process of

1.15k views • 52 slides
ADVANCED PLACEMENT The purpose of the Advanced Placement program is to provide the students with

ADVANCED PLACEMENT The purpose of the Advanced Placement program is to provide the students with

ADVANCED PLACEMENT The purpose of the Advanced Placement program is to provide the students with challenging coursework that culminates with an external examination. BENEFITS OF ADVANCED PLACEMENT Possible College Credit Early completion

601 views • 6 slides
Outline Motivation Seeing the Forest and the Why current placement tools are outdated

Outline Motivation Seeing the Forest and the Why current placement tools are outdated

Outline Motivation Seeing the Forest and the Why current placement tools are outdated Trees: Steiner Wirelength Analysis of placement objectives Optimization in Placement A nave attempt at optimization Our placement

219 views • 8 slides
INCREASING CIRCULATION BOOK DISPLAYS THROUGH 2 Placement PLACEMENT LIBRARY GEOGRAPHY

INCREASING CIRCULATION BOOK DISPLAYS THROUGH 2 Placement PLACEMENT LIBRARY GEOGRAPHY

INCREASING CIRCULATION BOOK DISPLAYS THROUGH 2 Placement PLACEMENT LIBRARY GEOGRAPHY Front of the Library Power Aisle Endcaps & Small tables High Traffic Areas 3 PLACEMENT FRONT OF THE LIBRARY First

384 views • 27 slides
GORDIAN Placement Perform GORDIAN placement Uniform area and net weight, area balance

GORDIAN Placement Perform GORDIAN placement Uniform area and net weight, area balance

GORDIAN Placement Perform GORDIAN placement Uniform area and net weight, area balance factor = 0.5 Undirected graph model: each edge in k -clique gets weight 2/ k Practical Problems in VLSI Physical Design GORDIAN Placement (1/21) IO

672 views • 21 slides
BonnPlace : A Self-Stabilizing Placement Framework Ulrich Brenner, Anna Hermann, Nils Hoppmann,

BonnPlace : A Self-Stabilizing Placement Framework Ulrich Brenner, Anna Hermann, Nils Hoppmann,

BonnPlace : A Self-Stabilizing Placement Framework Ulrich Brenner, Anna Hermann, Nils Hoppmann, Philipp Ochsendorf Research Institute for Discrete Mathematics, University of Bonn ISPD 2015 1 Placement Problem Placement Problem Placement area

282 views • 26 slides
CS137: Today Electronic Design Automation Placement Problem Partitioning Placement

CS137: Today Electronic Design Automation Placement Problem Partitioning Placement

CS137: Today Electronic Design Automation Placement Problem Partitioning Placement Quadrisection Day 16: November 9, 2005 Refinement Placement (Intro, Constructive) 1 2 CALTECH CS137 Fall2005 -- DeHon CALTECH CS137

295 views • 7 slides
Advanced Placement Physics 1 Advanced Placement Physics 2 Dr. Matt Frederickson Dr. Kevin

Advanced Placement Physics 1 Advanced Placement Physics 2 Dr. Matt Frederickson Dr. Kevin

Advanced Placement Physics 1 Advanced Placement Physics 2 Dr. Matt Frederickson Dr. Kevin McColgan Advanced Placement Physics 1&2 Revisions at a Glance WHY from College Board? AP has implemented key recommendations of the NRC

66 views • 6 slides
Placement Introduction A very important step in physical design cycle. A poor placement

Placement Introduction A very important step in physical design cycle. A poor placement

Placement Introduction A very important step in physical design cycle. A poor placement requires larger area. Also results in performance degradation. It is the process of arranging a set of modules on the layout surface. Each

428 views • 41 slides
Student Placement Task Force Student placement option presentation Maize Board of Education |

Student Placement Task Force Student placement option presentation Maize Board of Education |

Student Placement Task Force Student placement option presentation Maize Board of Education | Feb. 10, 2014 Introduction: Peggy McNeive, Commissioner Federal Mediation and Conciliation Service Student Placement Task Force members

662 views • 50 slides
Placement and Beyond in Honor of Ernest S. Kuh C. K. Cheng UC San Diego UC San Diego March 28,

Placement and Beyond in Honor of Ernest S. Kuh C. K. Cheng UC San Diego UC San Diego March 28,

Placement and Beyond in Honor of Ernest S. Kuh C. K. Cheng UC San Diego UC San Diego March 28, 2011 Placement and Beyond Placement and Beyond Ernest S. Kuh is a pioneer and giant in physical layout. Board of Directors, Cadence Design

512 views • 15 slides
The ISPD 2006 Placement Contest and Benchmark Suite Gi-Joon Nam, Charles J. Alpert, Paul G.

The ISPD 2006 Placement Contest and Benchmark Suite Gi-Joon Nam, Charles J. Alpert, Paul G.

The ISPD 2006 Placement Contest and Benchmark Suite Gi-Joon Nam, Charles J. Alpert, Paul G. Villarrubia IBM Corp. 1 Summary of ISPD 2005 Placement Contest 9 academic placement tools participated Good coverage of placement tools

591 views • 23 slides
HHS Advanced Placement / Dual Credit Information Night Why Take Advanced Placement or Dual

HHS Advanced Placement / Dual Credit Information Night Why Take Advanced Placement or Dual

HHS Advanced Placement / Dual Credit Information Night Why Take Advanced Placement or Dual Credit? Jump start on earning college credit. Huge savings versus what a student (parent) will pay once they graduate HHS. Helps prepare students

630 views • 26 slides
REDUCING PLACEMENT DELAY/PLACEMENT FAILURE Background: At any one time, between 15% and 25 % of

REDUCING PLACEMENT DELAY/PLACEMENT FAILURE Background: At any one time, between 15% and 25 % of

Sue Burrell, Staff Attorney Youth Law Center CPDA Juvenile Defense Seminar Monterey, California (January 12, 2002) REDUCING PLACEMENT DELAY/PLACEMENT FAILURE Background: At any one time, between 15% and 25 % of the youth in California juvenile

408 views • 5 slides
Advanced Placement/Dual Enrollment Course Info. Session: February 13, 2020 Advanced Placement

Advanced Placement/Dual Enrollment Course Info. Session: February 13, 2020 Advanced Placement

Advanced Placement/Dual Enrollment Course Info. Session: February 13, 2020 Advanced Placement Program Mr. Anthony Vargas MCPS, Supervisor of Gifted/Talent and Advanced Programs What are the advantages of taking an AP course in high school?

243 views • 21 slides
8th Grade Open House What are AP and Dual Credit? Advanced Placement (AP) Advanced Placement ( AP

8th Grade Open House What are AP and Dual Credit? Advanced Placement (AP) Advanced Placement ( AP

AP, Dual Credit and Honors Information Meeting 8th Grade Open House What are AP and Dual Credit? Advanced Placement (AP) Advanced Placement ( AP ) is a program in the United States and Canada created by the College Board, which offers

983 views • 64 slides
ISPD 2005/2006 Placement Contest Updates Gi-Joon Nam IBM Corp. 2 ISPD Placement Contest ISPD

ISPD 2005/2006 Placement Contest Updates Gi-Joon Nam IBM Corp. 2 ISPD Placement Contest ISPD

ISPD 2005/2006 Placement Contest Updates Gi-Joon Nam IBM Corp. 2 ISPD Placement Contest ISPD hosted two placement contest in 2005 and 2006 Open contest for physical design academic community Common goals Further accelerate

475 views • 22 slides
BACKEND DESIGN Placement and Pin Assignment Placement 1 Problem Definition Input: A set

BACKEND DESIGN Placement and Pin Assignment Placement 1 Problem Definition Input: A set

BACKEND DESIGN Placement and Pin Assignment Placement 1 Problem Definition Input: A set of blocks, both fixed and flexible. Area of the block A i = w i x h i Constraint on the shape of the block (rigid/flexible) Pin

634 views • 26 slides
A Foundation for Automated Placement of Data Douglass Otstott, Sean Williams, Latchesar Ionkov,

A Foundation for Automated Placement of Data Douglass Otstott, Sean Williams, Latchesar Ionkov,

A Foundation for Automated Placement of Data Douglass Otstott, Sean Williams, Latchesar Ionkov, Michael Lang, Ming Zhao LA-UR-17-22686 Managed by Triad National Security, LLC for the U.S. Department of Energys NNSA Memory and Storage are

175 views • 16 slides
The ICPC Process Case worker finds possible placement for child out of state. Placement packet

The ICPC Process Case worker finds possible placement for child out of state. Placement packet

4/22/15 The ICPC Process Case worker finds possible placement for child out of state. Placement packet completed and submitted The he N National E Electronic I Interstate to central ICPC office in state. Compact E Enterprise (

411 views • 4 slides
Zonal Placement & Cost Mitigation within SPP SPP Strategic Planning Committee April 20, 2017

Zonal Placement & Cost Mitigation within SPP SPP Strategic Planning Committee April 20, 2017

Zonal Placement & Cost Mitigation within SPP SPP Strategic Planning Committee April 20, 2017 Zonal Placement Significant opportunity for stakeholder-wide agreement on zonal placement Important to be codified in the SPP Tariff

160 views • 11 slides

More recommend