summer in the cloud
play

Summer In the Cloud Christina Delimitrou 1 and Christos Kozyrakis 2 1 - PowerPoint PPT Presentation

Dec 29, 2022 •170 likes •475 views

Bolt: I Know What You Did Last Summer In the Cloud Christina Delimitrou 1 and Christos Kozyrakis 2 1 Cornell University, 2 Stanford University ASPLOS April 12 th 2017 Executive Summary Problem: cloud resource sharing hides security

  1. Bolt: I Know What You Did Last Summer… In the Cloud Christina Delimitrou 1 and Christos Kozyrakis 2 1 Cornell University, 2 Stanford University ASPLOS – April 12 th 2017

  2. Executive Summary  Problem: cloud resource sharing hides security vulnerabilities  Interference from co-scheduled apps  leaks app characteristics  Enables severe performance attacks  Bolt: adversarial runtime in public clouds  Transparent app detection (5-10sec)  Leverages practical machine learning techniques  DoS  140x increase in latency  User study: 88% correctly identified applications  Resource partitioning is helpful but insufficient 2

  3. Motivation App1 App2 3

  4. Motivation App1 App2 containers 4

  5. Motivation App1 App2 containers memory capacity 5

  6. Motivation App1 App2 containers memory capacity storage capacity/bw 6

  7. Motivation App1 App2 containers memory capacity storage network bw capacity/bw 7

  8. Motivation App1 App2 LL cache containers memory capacity storage network bw capacity/bw 8

  9. Motivation power App1 App2 LL cache containers memory capacity storage network bw capacity/bw 9

  10. Motivation power Not all isolation techniques available App1 App2 LL cache Not all used/configured correctly containers Not all scale well Mem bw/core resources not isolated memory capacity storage network bw capacity/bw 10

  11. Bolt  Key idea: Leverage lack of isolation in public clouds to infer application characteristics  Programming framework, algorithm, load characteristics  Exploit: enable practical, effective, and hard-to-detect performance attacks  DoS, RFA, VM pinpointing  Use app characteristics (sensitive resource) against it  Avoid CPU saturation  hard to detect 11

  12. Threat Model Cloud Adversary Victim provider  Impartial, neutral cloud provider  Active adversary but no control over VM placement 12

  13. Bolt App Contention 1 3 inference injection Adversary Victim 2 Interference Impact measurement 13

  14. Bolt App Contention 1 3 inference injection Custom 4 contention Adversary Victim kernel Performance attack 5 2 Interference Impact measurement 14

  15. 1. Contention Measurement  Set of contentious kernels (iBench) 1 Contention injection  Compute  L1/L2/L3 Adversary Victim  Memory bw 2 Interference  Storage bw impact  Network bw measurement  (Memory/Storage capacity)  Sample 2-3 kernels, run in adversarial VM  Measure impact on performance of kernels vs. isolation 15

  16. 2. Practical App Inference Practical app inference  Infer resource pressure in non- 3 profiled resources  Sparse  dense information Adversary Victim  SGD (Collaborative filtering)  Classify unknown victim based on previously-seen applications  Label & determine resource sensitivity  Content-based recommendation Hybrid recommender 16

  17. Big Data to the Rescue Infer pressure in non-profiled resources 1. Reconstruct sparse information  Stochastic Gradient Descent (SGD), O(mpk)  Contention injection Bolt uBench uBench Data Interference App App App profile App SVD+SGD r 1 r 2 r 3 … r N r 1 r 2 r 3 … r N a 11 0 0 … a 1N a 11 a 12 a 13 … a 1N 0 a 22 0 … 0 a 21 a 22 a 23 … a 2N … … … … … … … … … … 17 a M1 0 a M3 … 0 a M1 a M2 a M3 … a MN

  18. Big Data to the Rescue Classify and label victims 2. Weighted Pearson Correlation Coefficients  Output: distribution of similarity scores to app classes  Bolt Data App label & App App characteristics App App Pearson Corr Coeff r 1 r 2 r 3 … r N Hadoop SVM: 65% a 11 a 12 a 13 … a 1N Spark ALS: 21% a 21 a 22 a 23 … a 2N memcached: 11% … … … … … … a M1 a M2 a M3 … a MN 18

  19. Inference Accuracy  40 machine cluster (420 cores)  Training apps: 120 jobs (analytics, databases, webservers, in- memory caching, scientific, js)  high coverage of resource space  Testing apps: 108 latency-critical webapps, analytics  No overlap in algorithms/datasets between training and testing sets Application class Detection accuracy (%) In-memory caching (memcached) 80% Persistent databases (Cassandra, MongoDB) 89% Hadoop jobs 92% Spark jobs 86% Webservers 91% Aggregate 89% 19

  20. 3. Practical Performance Attacks Custom kernel 4 Determine the resource injection 1. bottleneck of the victim Create custom contentious 2. Adversary Victim kernel that targets critical resource(s) Inject kernel in Bolt 3.  Several performance attacks (DoS, RFAs, VM pinpointing)  Target specific, critical resource  low CPU pressure 20

  21. 3. Practical DoS Attacks  Launched against same 108 applications as before  On average 2.2x higher execution time and up to 9.8x  For interactive services, on average 42x increase in tail latency and up to 140x  Bolt does not saturate CPU  Naïve attacker gets migrated 21

  22. Demo 22

  23. User Study  20 independent users from Stanford and Cornell  Cluster  200 EC2 servers, c3.8xlarge (32vCPUs, 60GB memory)  Rules:  4vCPUs per machine for Bolt  All users have equal priority  Users use thread pinning  Users can select specific instances  Training set: 120 apps incl. analytics, webapps, scientific, etc. 23

  24. Accuracy of App Labeling 53 app classes (analytics, webapps, FS/OS, HLS/sim, other…) 24

  25. Accuracy of App Characterization Performance attack results in the paper 25

  26. The Value of Isolation 45% 14%  Need more scalable, fine-grain, and complete isolation techniques 26

  27. Conclusions  Bolt: highlight the security vulnerabilities from lack of isolation  Fast detection using online data mining techniques  Practical, hard-to-detect performance attacks  Current isolation helpful but insufficient  In the paper:  Sensitivity to Bolt parameters  Sensitivity to applications and platform parameters  User study details  More performance attacks (resource freeing, VM pinpointing) 27

  28. Questions?  Bolt: highlight the security vulnerabilities from lack of isolation  Fast detection using online data mining techniques  Practical, hard-to-detect performance attacks  Current isolation helpful but insufficient  In the paper:  Sensitivity to Bolt parameters  Sensitivity to applications and platform parameters  User study details  More performance attacks (resource freeing, VM pinpointing) 28

  29. Evolving Applications  Cloud applications change behavior  Users use the same cloud resources for several apps over time  Bolt periodically wakes up, checks if app profile has changed; if so, reprofile & reclassify 29

  30. Inference Within a Framework  Within a framework, dataset and choice of algorithm affect resource requirements  Bolt matches a new unknown application to apps in a framework by distinguishing their resource needs 30

Recommend

Program Update Summer/Early Fall 2017 W Summer/Early Fall

Program Update Summer/Early Fall 2017 W Summer/Early Fall

Cloud Transformation Program Executive Sponsor Roadshow Program Update Summer/Early Fall 2017 W Summer/Early Fall Cloud Program Update! Overview of of the UIT Cloud 1 Todays Agenda Transformation Program

603 views • 17 slides
Helix Nebula, the Science Cloud CloudCom SCC-Computing Summer Symposium on EU-China- North

Helix Nebula, the Science Cloud CloudCom SCC-Computing Summer Symposium on EU-China- North

Helix Nebula, the Science Cloud CloudCom SCC-Computing Summer Symposium on EU-China- North America Collaboration on HPC, Cloud and Big Data Stavanger, 20-21 June 2013 Maryline Lengert, ESA Why is Helix Nebula relevant for HPC? Started with

383 views • 22 slides
Flaring up of the Compact Cloud G2 during the Close Encounter with Sgr A* in 2013 Summer

Flaring up of the Compact Cloud G2 during the Close Encounter with Sgr A* in 2013 Summer

ALMA 2013/01/26-28 Flaring up of the Compact Cloud G2 during the Close Encounter with Sgr A* in 2013 Summer Takayuki Saitoh Tokyo Institute of Technology CollaboratorsJunichiro Makino(Titech),

493 views • 32 slides
I & E Future Cloud Summer School Bjorn Hovstadius Boris Nordenstrm I&E I & E

I & E Future Cloud Summer School Bjorn Hovstadius Boris Nordenstrm I&E I & E

I & E Future Cloud Summer School Bjorn Hovstadius Boris Nordenstrm I&E I & E People Bjrn Hovstadius Business development at SICS and EIT Digital Microsoft Entrepreneur started and mentored several companies

323 views • 10 slides
We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud

We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud

We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud Siegfried Rasthofer (TU Darmstadt / CASED) Eric Bodden (TU Darmstadt / Fraunhofer SIT) Carlos Castillo (Intel Security) Alex Hinchliffe (Intel

510 views • 39 slides
We know what you did this summer: Android Banking Trojan exposing its sins in the cloud

We know what you did this summer: Android Banking Trojan exposing its sins in the cloud

We know what you did this summer: Android Banking Trojan exposing its sins in the cloud Siegfried Rasthofer (TU Darmstadt / CASED) Eric Bodden (TU Darmstadt / Fraunhofer SIT) Carlos Castillo (Intel Security) Alex Hinchliffe (Intel Security)

626 views • 34 slides
EIT ICT Labs Summer School on Cloud and Big Data - The Mentimeter Case Johnny Warstrm, CEO

EIT ICT Labs Summer School on Cloud and Big Data - The Mentimeter Case Johnny Warstrm, CEO

EIT ICT Labs Summer School on Cloud and Big Data - The Mentimeter Case Johnny Warstrm, CEO & Co-founder Mentimeter - Awkward family photo Summary of Mentimeter Why we do it: We want to give everyone a chance to share their opinion How we

651 views • 7 slides
Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come from? Why Cloud? Cloud for small, medium, enterprise, and government Barriers to adoption Embracing Cloud Social Mobile Cloud

972 views • 45 slides
SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud Tour of the buzzwords, myths and realities Whats in store for me, the boss, the company, the industry? Your cloud, our cloud their

224 views • 19 slides
Apache Spark Tutorial Future Cloud Summer School Paco Nathan @pacoid 2015-08-06

Apache Spark Tutorial Future Cloud Summer School Paco Nathan @pacoid 2015-08-06

Apache Spark Tutorial Future Cloud Summer School Paco Nathan @pacoid 2015-08-06 http://cdn.liber118.com/workshop/fcss_spark.pdf Getting Started s e g a k c a P X h p a G r b l i L M k a r p S g n m i L a Q

1.74k views • 147 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

Cornell CS5412 Cloud Computing (Spring 2015) 1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper! The cloud business model is growing at an unparalleled pace without any limit in sight

632 views • 45 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper The cloud business model is growing at an unparalleled pace without any limit in sight In the future everything will be on the cloud

945 views • 65 slides
Spark Machine Learning Future Cloud Summer School Paco Nathan @pacoid 2015-08-08

Spark Machine Learning Future Cloud Summer School Paco Nathan @pacoid 2015-08-08

Spark Machine Learning Future Cloud Summer School Paco Nathan @pacoid 2015-08-08 http://cdn.liber118.com/workshop/fcss_ml.pdf ML Background ML: Background A Visual Guide to Machine Learning Stephanie Yee , Tony Chu

1.07k views • 80 slides
The Cloud Is Big! The Cloud Is Hot! IT industry Constitutes about 2% of total US energy

The Cloud Is Big! The Cloud Is Hot! IT industry Constitutes about 2% of total US energy

The Data Furnace: Heating Up with Cloud Computing Jie Liu , Michel Goraczko, Jiakang Lu Sean James, Christian Belady Kamin Whitehouse Microsoft University of Virginia The Cloud Is Big! The Cloud Is Hot! IT industry Constitutes about 2%

551 views • 16 slides
Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing Understanding: Distributed Application Design Resource Management Automation Virtualized Computing Environments High-performance Computing

1.02k views • 49 slides
Second XtreemOS Summer School Reisensburg Castle, University of Ulm 2 Acknowlegments

Second XtreemOS Summer School Reisensburg Castle, University of Ulm 2 Acknowlegments

XtremOS tutorial on security XtreemOS: Evolving from a Grid to a Cloud Computing System Christine Morin XtreemOS scientific coordinator INRIA Rennes-Bretagne Atlantique Second XtreemOS Summer School July 5, 2010 XtreemOS IP project is

652 views • 30 slides
NVIDIA GPUs in the Cloud 4 EVOLVING CLOUD REQUIREMENTS On Off Hybrid Cloud premises premises

NVIDIA GPUs in the Cloud 4 EVOLVING CLOUD REQUIREMENTS On Off Hybrid Cloud premises premises

NVIDIA GPUs in the Cloud 4 EVOLVING CLOUD REQUIREMENTS On Off Hybrid Cloud premises premises Connecting clouds New workloads Components to disrupt SOFTLAYER CAPABILITIES OVERVIEW 5 GLOBAL CLOUD PLATFORM Unified architecture enabled by

390 views • 17 slides
SUMMER BRAIN GAIN: REIMAGINING SUMMER LEARNING What is the problem? Why Summer Matters There is

SUMMER BRAIN GAIN: REIMAGINING SUMMER LEARNING What is the problem? Why Summer Matters There is

SUMMER BRAIN GAIN: REIMAGINING SUMMER LEARNING What is the problem? Why Summer Matters There is no other time of year when inequalities are greater in the United States than during the summer months. Why Summer Matters In the summer, 43

219 views • 18 slides
github.com/18F/cg-workshop I Want You to use cloud.gov : Focus on mission " :

github.com/18F/cg-workshop I Want You to use cloud.gov : Focus on mission " :

09:00 Welcome Shashank Khandelwal 09:10 cloud.gov Overview 09:40 cloud.gov Hands-on I 10:20 Break 10:30 Federalist Will Slack 10:40 cloud.gov Hands-on II 11:30 Q & A github.com/18F/cg-workshop I Want You to use cloud.gov

461 views • 34 slides
Cloud Ross Mallace Commercial Director Cloud/SaaS Cloud is here. ALL By 2020 most core

Cloud Ross Mallace Commercial Director Cloud/SaaS Cloud is here. ALL By 2020 most core

Banking in the Cloud Ross Mallace Commercial Director Cloud/SaaS Cloud is here. ALL By 2020 most core most banking initiatives will be in the cloud John Schlesinger Changing Cloud Adoption in Financial Services Over 100

561 views • 20 slides
A vision for Carrier Cloud Networking... Itzik Weinstein, CEO 1 Cloud Services The Cloud is

A vision for Carrier Cloud Networking... Itzik Weinstein, CEO 1 Cloud Services The Cloud is

A vision for Carrier Cloud Networking... Itzik Weinstein, CEO 1 Cloud Services The Cloud is highly scalable, and managed infrastructure capable of hosting end- customer applications and billed by consumption. - Forrester Virtual

399 views • 6 slides
Cloud-iQ New features including xSP reporting Crayon Channel Team Cloud-iQ updates The Cloud-iQ

Cloud-iQ New features including xSP reporting Crayon Channel Team Cloud-iQ updates The Cloud-iQ

Cloud-iQ New features including xSP reporting Crayon Channel Team Cloud-iQ updates The Cloud-iQ Platform is Crayons Cloud Service Scaling Engine. Offering best in class self- provisioning, billing and reporting capabilities to

346 views • 12 slides
Cloud-Integrated IP Design: Bursting EDA Workflows to the Public Cloud Jerome McFarland,

Cloud-Integrated IP Design: Bursting EDA Workflows to the Public Cloud Jerome McFarland,

Cloud-Integrated IP Design: Bursting EDA Workflows to the Public Cloud Jerome McFarland, Marketing Director, Elastifile Agenda Why Cloud? How Cloud? Real-World Example Why Cloud? IC Design Complexity is Steadily Increasing Process

604 views • 31 slides
Building a Private Cloud Cloud Infrastructure Using Opensource Building a Private Cloud OSCON

Building a Private Cloud Cloud Infrastructure Using Opensource Building a Private Cloud OSCON

Building a Private Cloud Cloud Infrastructure Using Opensource Building a Private Cloud OSCON 2010 Building a Private Cloud with Ubuntu Server 10.04 Enterprise Cloud (Eucalyptus) OSCON 2010 (Note: Special thanks to Jim Beasley, my lead Cloud

604 views • 37 slides

More recommend