scotch combining software guard extensions and system
play

Scotch: Combining Software Guard Extensions and System Management - PowerPoint PPT Presentation

Jul 24, 2023 •221 likes •704 views

Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage Kevin Leach 1 , Fengwei Zhang 2 , and Westley Weimer 1 1 University of Michigan, 2 Wayne State University Leach, Zhang, & Weimer 1 / 19

  1. Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage Kevin Leach 1 , Fengwei Zhang 2 , and Westley Weimer 1 1 University of Michigan, 2 Wayne State University Leach, Zhang, & Weimer 1 / 19

  2. Summary We use Intel Software Guard Extensions (SGX) and System Management Mode (SMM) to accurately monitor resource consumption of virtual machines (VMs) in the presence of a compromised VM or hypervisor Leach, Zhang, & Weimer 2 / 19

  3. Motivation ◮ Multi-tenant cloud computing increases utilization ◮ Client agrees to pay Cloud provider for a particular service level ◮ e.g., $1 per hour of CPU time Leach, Zhang, & Weimer 3 / 19

  4. Motivation ◮ Multi-tenant cloud computing increases utilization ◮ Client agrees to pay Cloud provider for a particular service level ◮ e.g., $1 per hour of CPU time ◮ Cloud provider depends on hypervisor/virtual machine monitor (VMM) platform to distribute resources ◮ Xen, QEMU, etc. Cloud VMM VM 1 VM 2 VM 3 Leach, Zhang, & Weimer 3 / 19

  5. Motivation ◮ Multi-tenant cloud computing increases utilization ◮ Client agrees to pay Cloud provider for a particular service level ◮ e.g., $1 per hour of CPU time ◮ Cloud provider depends on hypervisor/virtual machine monitor (VMM) platform to distribute resources ◮ Xen, QEMU, etc. Cloud VMM 1 1 1 3 CPU 3 CPU 3 CPU VM 1 VM 2 VM 3 If all 3 VMs peg the CPU, the VMM must decide how to allocate CPU time based on each client’s service level. Leach, Zhang, & Weimer 3 / 19

  6. Motivation ◮ Cloud provider depends on VMM platform to distribute resources Leach, Zhang, & Weimer 4 / 19

  7. Motivation ◮ Cloud provider depends on VMM platform to distribute resources ◮ Two issues Leach, Zhang, & Weimer 4 / 19

  8. Motivation ◮ Cloud provider depends on VMM platform to distribute resources ◮ Two issues 1. What if the VMM/cloud provider is malicious? ◮ Manipulate resource consumption to bill customers more Leach, Zhang, & Weimer 4 / 19

  9. Motivation ◮ Cloud provider depends on VMM platform to distribute resources ◮ Two issues 1. What if the VMM/cloud provider is malicious? ◮ Manipulate resource consumption to bill customers more 2. What if the VMM is vulnerable to malicious VMs? ◮ Malicious VM manipulates resource consumption to steal resources from benign customers Leach, Zhang, & Weimer 4 / 19

  10. Resource Accounting Attacks ◮ Benign Behavior VMM decides to bill a guest: 1 2 1 2 1 2 1 1 2 1 2 1 2 1 . . . 0ms 30ms 60ms 90ms 120ms 150ms 180ms CPU time The Xen hypervisor regularly checks which VM is active to determine how much CPU time each VM uses Leach, Zhang, & Weimer 5 / 19

  11. Resource Accounting Attacks ◮ Malicious Behavior VMM decides to bill a guest: 1 1 1 1 1 2 1 2 1 2 1 . . . 0ms 30ms 60ms 90ms 120ms 150ms 180ms CPU time A malicious VM (2) with knowledge of the VMM can affect the appearance of resource consumption by itself and benign VMs. Leach, Zhang, & Weimer 6 / 19

  12. Resource Interference Attacks Attacker can take advantage of known victim behavior Victim VM Flood HTTP server Malicious VM (webserver) Free CPU cycles Thrash from I/O Malicious VM can cause benign VM to free up resources for itself Leach, Zhang, & Weimer 7 / 19

  13. VM Escape Attack Malicious VM can exploit buggy VMM implementation, allowing code execution with VMM privilege ◮ Could potentially alter resource consumption to hide itself Leach, Zhang, & Weimer 8 / 19

  14. Scotch: Transparent Cloud Resource Accounting Two desired properties 1. Transparent ◮ The underlying VMM and VMs are not aware accounting occurs 2. Tamper-resistant ◮ A malicious VMM or VM guest cannot reliably alter accounting data Leach, Zhang, & Weimer 9 / 19

  15. Insights for Scotch ◮ System Management Mode High priority System Management Interrupt causes CPU to atomically execute SMM handler code Leach, Zhang, & Weimer 10 / 19

  16. Insights for Scotch ◮ System Management Mode High priority System Management Interrupt causes CPU to atomically execute SMM handler code ◮ Use SMM to collect raw resource consumption data Leach, Zhang, & Weimer 10 / 19

  17. Insights for Scotch ◮ System Management Mode High priority System Management Interrupt causes CPU to atomically execute SMM handler code ◮ Use SMM to collect raw resource consumption data ◮ SMM logically collects data, then relays it to SGX enclave Leach, Zhang, & Weimer 10 / 19

  18. Insights for Scotch ◮ Software Guard Extensions Enclave-based trusted execution environment (TEE); userspace code runs in isolation Leach, Zhang, & Weimer 11 / 19

  19. Insights for Scotch ◮ Software Guard Extensions Enclave-based trusted execution environment (TEE); userspace code runs in isolation ◮ Use SGX enclave so that benign user can monitor and verify their resource consumption Leach, Zhang, & Weimer 11 / 19

  20. Insights for Scotch ◮ Software Guard Extensions Enclave-based trusted execution environment (TEE); userspace code runs in isolation ◮ Use SGX enclave so that benign user can monitor and verify their resource consumption ◮ Raw data collected by SMM is relayed to SGX enclave Leach, Zhang, & Weimer 11 / 19

  21. Scotch: Transparent Cloud Resource Accounting Protected System VMM (e.g., Xen) SGX Enclave 1 VM1 data VM1 VM2 VM3 VM2 data VM3 data 2 SGX Enclave 4 True timer 3 5 SMI Handler Data 1. VMM decides to switch between VM guests Leach, Zhang, & Weimer 12 / 19

  22. Scotch: Transparent Cloud Resource Accounting Protected System VMM (e.g., Xen) SGX Enclave 1 VM1 data VM1 VM2 VM3 VM2 data VM3 data 2 SGX Enclave 4 True timer 3 5 SMI Handler Data 2. Scotch measures resource consumption by invoking SMM every context switch Leach, Zhang, & Weimer 12 / 19

  23. Scotch: Transparent Cloud Resource Accounting Protected System VMM (e.g., Xen) SGX Enclave 1 VM1 data VM1 VM2 VM3 VM2 data VM3 data 2 SGX Enclave 4 True timer 3 5 SMI Handler Data 3. SMM handler executes resource accounting in isolation Leach, Zhang, & Weimer 12 / 19

  24. Scotch: Transparent Cloud Resource Accounting Protected System VMM (e.g., Xen) SGX Enclave 1 VM1 data VM1 VM2 VM3 VM2 data VM3 data 2 SGX Enclave 4 True timer 3 5 SMI Handler Data 4. Data is marshalled to SGX enclave within VM Leach, Zhang, & Weimer 12 / 19

  25. Scotch: Transparent Cloud Resource Accounting Protected System VMM (e.g., Xen) SGX Enclave 1 VM1 data VM1 VM2 VM3 VM2 data VM3 data 2 SGX Enclave 4 True timer 3 5 SMI Handler Data 5. Benign VM can monitor resource accounting data with high integrity Leach, Zhang, & Weimer 12 / 19

  26. Evaluation Research Questions ◮ RQ1: Can we maintain accurate accounting during scheduler attacks? ◮ RQ2: What is our overhead on benign workloads? ◮ RQ3: Can we maintain accurate accounting during resource interference attacks? ◮ RQ4: Can we maintain accurate accounting during VM escape attacks? Leach, Zhang, & Weimer 13 / 19

  27. RQ1: Scheduler Attacks ◮ Implement controllable scheduler ◮ Simulate attacker by altering the CPU time allocation by a varying degree Leach, Zhang, & Weimer 14 / 19

  28. RQ1: Scheduler Attacks ◮ Implement controllable scheduler ◮ Simulate attacker by altering the CPU time allocation by a varying degree ◮ Run two VMs, one simulated attacker and one benign ◮ Both are computing indicative workloads: pi , gzip , and the PARSEC benchmarks Leach, Zhang, & Weimer 14 / 19

  29. RQ1: Scheduler Attacks ◮ Implement controllable scheduler ◮ Simulate attacker by altering the CPU time allocation by a varying degree ◮ Run two VMs, one simulated attacker and one benign ◮ Both are computing indicative workloads: pi , gzip , and the PARSEC benchmarks ◮ Compare observed CPU time consumption presented by Xen vs. Scotch Leach, Zhang, & Weimer 14 / 19

  30. RQ1: Scheduler Attacks ◮ Implement controllable scheduler ◮ Simulate attacker by altering the CPU time allocation by a varying degree ◮ Run two VMs, one simulated attacker and one benign ◮ Both are computing indicative workloads: pi , gzip , and the PARSEC benchmarks ◮ Compare observed CPU time consumption presented by Xen vs. Scotch ◮ TL;DR Scotch shows significant difference in allocated CPU time Leach, Zhang, & Weimer 14 / 19

  31. RQ1: Scheduler Attacks Table : Ratio of attacker VM CPU time to guest VM CPU time. Scheduler attack severity level Benign 1 3 5 7 9 10 Scotch 1.00 1.04 1.10 1.17 1.26 1.36 1.41 ground truth 0.99 1.05 1.12 1.17 1.25 1.35 1.39 Leach, Zhang, & Weimer 15 / 19

  32. RQ1: Scheduler Attacks Table : Ratio of attacker VM CPU time to guest VM CPU time. Scheduler attack severity level Benign 1 3 5 7 9 10 Scotch 1.00 1.04 1.10 1.17 1.26 1.36 1.41 ground truth 0.99 1.05 1.12 1.17 1.25 1.35 1.39 The attacker receives disproportionate CPU time. Ground truth obtained with Xentrace. Leach, Zhang, & Weimer 15 / 19

  33. RQ2: Overhead ◮ Invoking SMIs to run accounting code can be costly Leach, Zhang, & Weimer 16 / 19

  34. RQ2: Overhead ◮ Invoking SMIs to run accounting code can be costly ◮ Accounting code takes 2248 ± 69 cycles to execute ◮ Roughly 1 µ s incurred every context switch Leach, Zhang, & Weimer 16 / 19

Recommend

Scotch Whisky From humble beginnings to global success The Scotch Whisky Association is the trade

Scotch Whisky From humble beginnings to global success The Scotch Whisky Association is the trade

Scotch Whisky From humble beginnings to global success The Scotch Whisky Association is the trade body for the Scotch Whisky industry. Established in 1912 70 member companies, including Diageo, Chivas, Edrington & William Grants

349 views • 12 slides
BRAND PRESENTATION THE BLENDED SCOTCH WHISKY MARKET SCOTCH WHISKY, THE 1 ST WHISKY CATEGORY

BRAND PRESENTATION THE BLENDED SCOTCH WHISKY MARKET SCOTCH WHISKY, THE 1 ST WHISKY CATEGORY

BRAND PRESENTATION THE BLENDED SCOTCH WHISKY MARKET SCOTCH WHISKY, THE 1 ST WHISKY CATEGORY RANKING WHISKY CATEGORIES WORLDWIDE WHISKY CAT. SCOTCH #1 #2 US LENDED WHI IES BLEN HISKIE Blended Scotch Whisky #1 of the category CANADIAN

401 views • 36 slides
The Perfect Mix Building a brand for Millennials The Brand No.1 Scotch Whisky in Europe No. 2

The Perfect Mix Building a brand for Millennials The Brand No.1 Scotch Whisky in Europe No. 2

The Perfect Mix Building a brand for Millennials The Brand No.1 Scotch Whisky in Europe No. 2 Scotch Whisky Globally No.1 Scotch Whisky in Europe No. 2 Scotch Whisky Globally But needing to attract new consumers The Challenge Connecting

666 views • 35 slides
Practical implications of Intel SGX with Graphene July 4th, 2019 Derk Barten Robin Klusman

Practical implications of Intel SGX with Graphene July 4th, 2019 Derk Barten Robin Klusman

Practical implications of Intel SGX with Graphene July 4th, 2019 Derk Barten Robin Klusman Software Guard Untrusted system Trusted enclave Extensions Attestation (SGX) Encrypted & isolated memory Integrity,

266 views • 22 slides
How to mature a 20 y.o. Scotch Franois Pellegrini EQUIPE PROJET BACCHUS Bordeaux 02/02/2012

How to mature a 20 y.o. Scotch Franois Pellegrini EQUIPE PROJET BACCHUS Bordeaux 02/02/2012

How to mature a 20 y.o. Scotch Franois Pellegrini EQUIPE PROJET BACCHUS Bordeaux 02/02/2012 Sud-Ouest Outline of the talk Graph partitioning The Scotch project and history Licensing issues Some lessons (to be) learnt

583 views • 30 slides
CSci 5271 Software-based Fault Isolation Navid Emamdoost navid@cs.umn.edu Oct-16-2014 Need for

CSci 5271 Software-based Fault Isolation Navid Emamdoost navid@cs.umn.edu Oct-16-2014 Need for

CSci 5271 Software-based Fault Isolation Navid Emamdoost navid@cs.umn.edu Oct-16-2014 Need for extensibility Problem with extensions UNIX vnode interface Security! Extensions may be o Add new file system Postgres database o

583 views • 6 slides
Combining a Formal Method and PSP for Improving Software Process: An Initial Report -

Combining a Formal Method and PSP for Improving Software Process: An Initial Report -

Combining a Formal Method and PSP for Improving Software Process: An Initial Report - (Work-In-Progress Report) - Shigeru KUSAKABE , Yoichi OMORI, Keijiro ARAKI Kyushu University, Japan Outline Background Personal Software Process

343 views • 31 slides
Ants, Mutants and Beyond Combining formal and stochastic techniques to improve software

Ants, Mutants and Beyond Combining formal and stochastic techniques to improve software

Nature-inspired Computing Search Based Software Engineering Genetic Improvement Automatic Improvement References References Ants, Mutants and Beyond Combining formal and stochastic techniques to improve software jerry.swan@york.ac.uk

487 views • 26 slides
Tomasz ciso Software Engineer Samsung R&D Center Poland The Earth Guard development

Tomasz ciso Software Engineer Samsung R&D Center Poland The Earth Guard development

Highly portable HTML5 games on Tizen Developer Conference May 2013 San Francisco USA Tomasz ciso Software Engineer Samsung R&D Center Poland The Earth Guard development story Code once - for Tizen and deploy your application on

350 views • 15 slides
U.S. Coast Guard Deepwater Horizon Incident Response Summary 1 More than 48,000 people

U.S. Coast Guard Deepwater Horizon Incident Response Summary 1 More than 48,000 people

U.S. Coast Guard Deepwater Horizon Incident Response Summary 1 More than 48,000 people 7,000 Coast Guard 1,625 National Guard 41,470 Contractors 723 BP 4,000 Volunteers United States Coast Guard 2 U.S. Department of

337 views • 19 slides
Extensions to the ripe-dbase Whois software Manage your IP Address Space with a customized

Extensions to the ripe-dbase Whois software Manage your IP Address Space with a customized

Extensions to the ripe-dbase Whois software Manage your IP Address Space with a customized version of the ripe database whois software Tobias Cremer, Arnd Vehling av@nethead.de Cable & Wireless, Munich, Germany nethead.de, Cologne,

1.09k views • 82 slides
SEA-PT 2017 Dave Mc Myler Pollution and Ship Casualty Irish Coast Guard Irish Coast Guard -

SEA-PT 2017 Dave Mc Myler Pollution and Ship Casualty Irish Coast Guard Irish Coast Guard -

SEA-PT 2017 Dave Mc Myler Pollution and Ship Casualty Irish Coast Guard Irish Coast Guard - Garda Csta na hireann Economic health of the State depends on Shipping as a Safe form of transport Introduction Brief on Irish Coast Guard

102 views • 9 slides
Enabling System Transactions via Lightweight Kernel Extensions R.P. Spillane, S. Gaikwad. M.

Enabling System Transactions via Lightweight Kernel Extensions R.P. Spillane, S. Gaikwad. M.

Enabling System Transactions via Lightweight Kernel Extensions R.P. Spillane, S. Gaikwad. M. Chinni, C.P. Wright, E. Zadok Stony Brook University http://www.fsl.cs.sunysb.edu/ Summary What is the design complexity of system transactions

288 views • 26 slides
Learning about the Earth from a scotch egg: How children learn with analogies and how to teach

Learning about the Earth from a scotch egg: How children learn with analogies and how to teach

Learning about the Earth from a scotch egg: How children learn with analogies and how to teach with them effectively Matthew Slocombe Centre for Educational Neuroscience University of London Primary Science Education Conference Edinburgh 8

749 views • 60 slides
CopyCat: Controlled Instruction-Level Attacks on Enclaves Daniel Moghimi Jo Van Bulck

CopyCat: Controlled Instruction-Level Attacks on Enclaves Daniel Moghimi Jo Van Bulck

CopyCat: Controlled Instruction-Level Attacks on Enclaves Daniel Moghimi Jo Van Bulck Nadia Heninger Frank Piessens Berk Sunar Trusted Execution Environment (TEE) Intel SGX Intel Software Guard eXtensions (SGX) App

894 views • 42 slides
Restrictions and Extensions of Data Automata Zhilin Wu Institute of Software, Chinese Academy of

Restrictions and Extensions of Data Automata Zhilin Wu Institute of Software, Chinese Academy of

Restrictions and Extensions of Data Automata Zhilin Wu Institute of Software, Chinese Academy of Sciences LOCALI 2013, Fragrant Hill Hotel, Nov. 04-07, 2011 Zhilin Wu (ISCAS) Restrictions and Extensions of Data Automata LOCALI 2013, Nov.

1.01k views • 66 slides
NEW- Sneeze Guard Screens NEW- Sneeze Guard Screens Desk-mounted screens Easy clean sneeze

NEW- Sneeze Guard Screens NEW- Sneeze Guard Screens Desk-mounted screens Easy clean sneeze

NEW- Sneeze Guard Screens NEW- Sneeze Guard Screens Desk-mounted screens Easy clean sneeze guard screens Clear acrylic/glass or healthcare grade vinyl, both easily cleanable Vinyl is anti-microbial/anti-fungal (AATCC 147) &

426 views • 7 slides
Guest Lecture Software-based Fault Isolation Navid Emamdoost navid@cs.umn.edu Need for

Guest Lecture Software-based Fault Isolation Navid Emamdoost navid@cs.umn.edu Need for

CSci 5271 Guest Lecture Software-based Fault Isolation Navid Emamdoost navid@cs.umn.edu Need for extensibility Problem with extensions Applications can incorporate independently developed Security and Reliability Extensions may be

532 views • 11 slides
United States Coast Guard Auxiliary [AV Version] WEB-BASED PRIVATE AID TO NAVIGATION SYSTEM

United States Coast Guard Auxiliary [AV Version] WEB-BASED PRIVATE AID TO NAVIGATION SYSTEM

WEB-BASED PRIVATE AID TO NAVIGATION SYSTEM TRAINING GUIDE United States Coast Guard Auxiliary [AV Version] WEB-BASED PRIVATE AID TO NAVIGATION SYSTEM Introduction Since it is always possible that, with the long intervals between use, many AVs

619 views • 41 slides
Combining Deduction and Algebraic Constraints for Hybrid System Analysis Andr e Platzer

Combining Deduction and Algebraic Constraints for Hybrid System Analysis Andr e Platzer

Combining Deduction and Algebraic Constraints for Hybrid System Analysis Andr e Platzer University of Oldenburg, Department of Computing Science, Germany Verify07 at CADE07 Andr e Platzer (University of Oldenburg) Combining

975 views • 59 slides
Scotch Sport 2018 What has sport done for us? Creates leaders and competitors Creates

Scotch Sport 2018 What has sport done for us? Creates leaders and competitors Creates

Scotch Sport 2018 What has sport done for us? Creates leaders and competitors Creates communicators, collaborators and teamplayers Instills great values Humility Respect Empathy and compassion Discipline Determination

773 views • 37 slides
Metal, Continued Reading: Checking System Rules Using System-Specific, Programmer-Written

Metal, Continued Reading: Checking System Rules Using System-Specific, Programmer-Written

Metal, Continued Reading: Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions 17-654/17-754 Analysis of Software Artifacts Jonathan Aldrich Assertion Side-Effects Flags error if assert() has side effects

422 views • 13 slides
PYP at Scotch College E ngaging R elevant C hallenging S ignificant Key Concepts WA Curriculum

PYP at Scotch College E ngaging R elevant C hallenging S ignificant Key Concepts WA Curriculum

PYP at Scotch College E ngaging R elevant C hallenging S ignificant Key Concepts WA Curriculum Trans- disciplinary Themes Approaches Learner Profile to Learning Attributes Curriculum: Curriculum for reporting & assessment of the

238 views • 22 slides
West Seattle and Ballard Link Extensions System Expansion Committee | May 9, 2019 West Seattle

West Seattle and Ballard Link Extensions System Expansion Committee | May 9, 2019 West Seattle

West Seattle and Ballard Link Extensions System Expansion Committee | May 9, 2019 West Seattle & Ballard Link Extensions Motion No. M2019-51 Identifying Alternatives for DEIS 9 May 2019 2 Agenda Alternatives development process Level 3

1.34k views • 85 slides

More recommend