Advertisement

Isolation in cloud computing infrastructures: new security challenges

  • Mohammad-Mahdi BazmEmail author
  • Marc Lacoste
  • Mario Südholt
  • Jean-Marc Menaud
Article

Abstract

Cloud computing infrastructures share hardware resources among different clients, leveraging virtualization to multiplex physical resources among several self-contained execution environments such as virtual machines or Linux containers. Isolation is a core security challenge for such a computing paradigm. It may be threatened by side-channels, created due to the sharing of physical resources like processor caches, or by mechanisms implemented in the virtualization layer. Side-channel attacks (SCAs) exploit and use such leaky channels to obtain sensitive data such as kernel information. This paper aims to clarify the nature of this threat for cloud infrastructures. Current SCAs are performed locally and exploit isolation challenges of virtualized environments to retrieve sensitive information. This paper also clarifies the concept of distributed side-channel attack (DSCA). We explore how such attacks can threaten isolation of any virtualized environments such as cloud computing infrastructures. Finally, we study a set of different applicable countermeasures for attack mitigation in cloud infrastructures.

Keywords

Cloud security Isolation Side-channel attacks Distributed side-channel attacks Moving target defense 

Notes

References

  1. 1.
    Merkel D (2014) Docker: lightweight Linux containers for consistent development and deployment. Linux Journal 2014(239):2Google Scholar
  2. 2.
    Madhavapeddy A, Mortier R, Rotsos C, Scott D, Singh B, Gazagnaire T, Smith S, Hand S, Crowcroft J (2013) Unikernels: library operating systems for the cloud. ACM SIGPLAN Not 48(4):461–472CrossRefGoogle Scholar
  3. 3.
    Bazm MM, Lacoste M, Südholt M, Menaud JM (2017) Side-channels beyond the cloud edge: new isolation threats and solutions. In Cyber Security in Networking Conference (CSNet), 2017 1st (pp. 1–8). IEEEGoogle Scholar
  4. 4.
    Costan V, Devadas S (2016) Intel SGX explained. IACR Cryptology ePrint Archive 2016(086):1–118Google Scholar
  5. 5.
    Schwarz M, Weiser S, Gruss D, Maurice C, Mangard S (2017) Malware guard extension: Using SGX to conceal cache attacks. In international conference on detection of intrusions and malware, and vulnerability assessment. Springer, Cham, pp 3–24Google Scholar
  6. 6.
    Kocher Paul et al (J2018), “Spectre attacks: exploiting speculative execution”, ArXiv e-printsGoogle Scholar
  7. 7.
    Disselkoen C et al (2017) “Prime+ abort: a timer-free high-precision l3 cache attack using intel TSX.” 26th USENIX Security Symposium. USENIX Security 17, VancouverGoogle Scholar
  8. 8.
    Demme J, Martin R, Waksman A, Sethumadhavan S (2012) SideChannel vulnerability factor: a metric for measuring information leakage. ACM SIGARCH Computer Architecture News 40(3):106–117CrossRefGoogle Scholar
  9. 9.
    Arcangeli A, Eidus I, Wright C (2009) Increasing memory density by using KSM. In Proceedings of the linux symposium (pp. 19–28)Google Scholar
  10. 10.
    Suzaki K, Iijima K, Yagi T, Artho C (2011) Memory deduplication as a threat to the guest OS. In Proceedings of the Fourth European Workshop on System Security (p. 1). ACMGoogle Scholar
  11. 11.
    Apecechea GI, Eisenbarth T, Sunar B (2014) Jackpot stealing information from large caches via huge pages, Cryptology ePrint Archive 2014/970Google Scholar
  12. 12.
    Weiß M, Heinz B, Stumpf F (2012) A cache timing attack on AES in virtualization environments. In: in International Conference on Financial Cryptography and Data Security. Springer, pp 314–328Google Scholar
  13. 13.
    Acıiçmez O, Schindler W, Koç ÇK (2007) Cache based remote timing attack on the AES. In Cryptographers’ Track at the RSA Conference (pp. 271-286). Springer, BerlinGoogle Scholar
  14. 14.
    Tsunoo Y, Saito T, Suzaki T, Shigeri M, Miyauchi H (2003) Cryptanalysis of DES implemented on computers with cache. In: International Workshop on Cryptographic Hardware and Embedded Systems. Springer, pp 62–76Google Scholar
  15. 15.
    Gruss D, Maurice C, Wagner K, & Mangard S (2016) Flush+ Flush: a fast and stealthy cache attack. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 279-299). Springer, ChamGoogle Scholar
  16. 16.
    Yarom Y, Falkner K (2014) FLUSH+ RELOAD: a high resolution, low noise, L3 cache sidechannel Attack. In USENIX Security Symposium (Vol. 1, pp. 22–25)Google Scholar
  17. 17.
    Aciiçmez O, Koç ÇK (2006) Trace-driven cache attacks on AES (short paper). In : International Conference on Information and Communications Security. Springer, Berlin, p 112–121Google Scholar
  18. 18.
    Gallais J-F, Kizhvatov I, Tunstall M (2010) Improved trace-driven cachecollision attacks against embedded AES implementations. In : International Workshop on Information Security Applications. Springer, Berlin, p 243–257Google Scholar
  19. 19.
    Ristenpart T, Tromer E, Shacham H et al (2009) Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In : Proceedings of the 16th ACM conference on Computer and communications security. ACM, p 199–212Google Scholar
  20. 20.
    Spreitzer R, Plos T (2013) Cache-access pattern attack on disaligned aes t-tables. In: International Workshop on Constructive Side-Channel Analysis and Secure Design. Springer, Berlin, p 200–214Google Scholar
  21. 21.
    Lipp M, Schwarz M, Gruss D et al (2018) Meltdown: reading kernel memory from user space. In : 27th {USENIX} Security Symposium ({USENIX} Security 18). p 973–990Google Scholar
  22. 22.
    Zhang W, Jia X, Wang C, Zhang S, Huang Q, Wang M, Liu P (2016) A comprehensive study of co-residence threat in multi-tenant public paas clouds. In International Conference on Information and Communications Security (pp. 361–375). Springer, ChamGoogle Scholar
  23. 23.
    Delimitrou C, Kozyrakis C (2017) Bolt: I know what you did last summer... in the cloud. In: ACM SIGARCH Computer Architecture News. ACM, p 599–613Google Scholar
  24. 24.
    Varadarajan V, Zhang Y, Ristenpart T, Swift MM (2015) A placement vulnerability study in multi-tenant public clouds. In USENIX Security Symposium (pp. 913–928)Google Scholar
  25. 25.
    Payer M (2016) HexPADS: a platform to detect “stealth” attacks. In : International Symposium on Engineering Secure Software and Systems. Springer, Cham, p 138–154Google Scholar
  26. 26.
    Zhang T, Zhang Y, Lee RB (2016) Cloudradar: a real-time side-channel attack detection system in clouds. In : International Symposium on Research in Attacks, Intrusions, and Defenses. Springer, Cham, p 118–140Google Scholar
  27. 27.
    Chiappetta M, Savas E, Yilmaz C (2016) Real time detection of cache-based side-channel attacks using hardware performance counters. Appl Soft Comput 49:1162–1174CrossRefGoogle Scholar
  28. 28.
    Bazm M-M, Sautereau T, Lacoste M, Südholt M, Menaud J-M (2018) Cache-based side-channel attacks detection through Intel Cache Monitoring Technology and Hardware Performance Counters. 3rd IEEE International Conference on Fog and Mobile Edge Computing (FMEC), BarcelonaCrossRefGoogle Scholar
  29. 29.
  30. 30.
    Gopal V, Guilford J, Ozturk E, Feghali W, Wolrich G, Dixon M (2009) Fast and constant-time implementation of modular exponentiation. Embedded Systems and Communications Security, Niagara Falls, NY, USGoogle Scholar
  31. 31.
    Rivain M, Prouff E (2010) Provably secure higher-order masking of AES. In: International Workshop on Cryptographic Hardware and Embedded Systems. Springer, pp 413–427Google Scholar
  32. 32.
    Osvik DA, Shamir A, Tromer E (2006) Cache attacks and countermeasures: the case of AES. In: Pointcheval D (ed) Topics in cryptology – CT-RSA 2006. CT-RSA 2006. Lecture notes in computer science, vol 3860. Springer, BerlinGoogle Scholar
  33. 33.
    Barthe G, Rezk T, Warnier M (2006) Preventing timing leaks through transactional branching instructions. Electronic Notes in Theoretical Computer Science 153(2):33–55CrossRefGoogle Scholar
  34. 34.
    Cleemput JV, Coppens B, De Sutter B (2012) Compiler mitigations for time attacks on modern x86 processors. ACM Transactions on Architecture and Code Optimization (TACO) 8(4):23Google Scholar
  35. 35.
    Coppens B, Verbauwhede I, De Bosschere K, De Sutter B (2009) Practical mitigations for timing-based side-channel attacks on modern x86 processors. In: 30th IEEE Symposium on Security and Privacy. IEEE, pp 45–60Google Scholar
  36. 36.
    Zhang Y, Reiter MK (2013) Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud. In : Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM, p 827–838Google Scholar
  37. 37.
    Kim T, Peinado M, Mainar-Ruiz G (2012) STEALTHMEM: system-level protection against cache-based side channel attacks in the cloud. In : Proceedings of the 21st USENIX conference on Security symposium. USENIX Association, p 11–11Google Scholar
  38. 38.
    Gens D, Arias O, Sullivan D, Liebchen C, Jin Y, Sadeghi AR (2017) LAZARUS: practical side-channel resilient kernel-space randomization. In International Symposium on Research in Attacks, Intrusions, and Defenses (pp. 238–258). Springer, ChamGoogle Scholar
  39. 39.
    Gruss D, Lipp M, Schwarz M, Fellner R, Maurice C, Mangard S (2017) KASLR is dead: long live KASLR. In: International Symposium on Engineering Secure Software and Systems. Springer, Cham, pp 161–176CrossRefGoogle Scholar
  40. 40.
    Zhang Y, Li M, Bai K, Yu M, Zang W (2012) Incentive compatible moving target defense against VM-colocation attacks in clouds. In: IFIP International Information Security Conference. Springer, pp 388–399Google Scholar
  41. 41.
    Varadarajan V, Ristenpart T, Swift MM (2014) Scheduler-based defenses against cross-vM side-channels. In : USENIX Security Symposium, p 687–702Google Scholar
  42. 42.
    Jin X, Chen H, Wang X, Wang Z, Wen X, Luo Y, Li X (2009) A simple cache partitioning approach in a virtualized environment. In Parallel and Distributed Processing with Applications, 2009 IEEE International Symposium on (pp. 519-524). IEEEGoogle Scholar
  43. 43.
    Shi J, Song X, Chen H, Zang B (2011) Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring. In Dependable Systems and Networks Workshops (DSN-W), 2011 IEEE/IFIP 41st International Conference on (pp. 194-199). IEEEGoogle Scholar
  44. 44.
    Vattikonda BC, Das S, Shacham H (2011) Eliminating fine grained timers in Xen. In : Proceedings of the 3rd ACM workshop on Cloud computing security workshop. ACM, p 41–46Google Scholar
  45. 45.
    Zhuang R, Deloach SA, Ou X (2014) Towards a theory of moving target defense. In : Proceedings of the First ACM Workshop on Moving Target Defense. ACM, p 31–40Google Scholar
  46. 46.
    Kong J, Aciicmez O, Seifert JP, Zhou H (2008) Deconstructing new cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 2nd ACM workshop on Computer security architectures (pp. 25–34). ACMGoogle Scholar
  47. 47.
    Liu F, Ge Q, Yarom Y, Mckeen F, Rozas C, Heiser G, Lee RB (2016) Catalyst: Defeating last-level cache side channel attacks in cloud computing. In High Performance Computer Architecture (HPCA), 2016 IEEE International Symposium on (pp. 406-418). IEEEGoogle Scholar
  48. 48.
    INTEL, C. A. T (2015) Improving real-time performance by utilizing cache allocation technology. Intel CorporationGoogle Scholar
  49. 49.
    Wright M, Venkatesan S, Albanese M, Wellman MP (2016) Moving target defense against ddos attacks: An empirical game-theoretic analysis. In Proceedings of the 2016 ACM Workshop on Moving Target Defense (pp. 93–104). ACMGoogle Scholar
  50. 50.
    Moon S-J, Sekar V, Reiter MK (2015) Nomad: mitigating arbitrary cloud side channels via provider-assisted migration. In : Proceedings of the 22nd acm sigsac conference on computer and communications security. ACM, p 1595–1606Google Scholar
  51. 51.
    Hermenier F, Lorca X, Menaud JM, Muller G, Lawall J (2009). Entropy: a consolidation manager for clusters. In Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments (pp. 41-50). ACMGoogle Scholar
  52. 52.
    Quesnel F, Lebre A, Südholt M (2013) Cooperative and reactive scheduling in large-scale virtualized platforms with DVMS. Concurrency and Computation: Practice and Experience 25(12):1643–1655CrossRefGoogle Scholar
  53. 53.
    Mills K, Filliben J, Dabrowski C (2011) Comparing vm-placement algorithms for on-demand clouds. In : Cloud Computing Technology and Science (CloudCom), 2011 IEEE Third International Conference on. IEEE, p 91–98Google Scholar
  54. 54.
    Denneman F (2016) NUMA deep dive part 5: ESXi VMkernel NUMA constructs, http://frankdenneman.nl/tag/numa

Copyright information

© Institut Mines-Télécom and Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Mohammad-Mahdi Bazm
    • 1
    Email author
  • Marc Lacoste
    • 1
  • Mario Südholt
    • 2
  • Jean-Marc Menaud
    • 2
  1. 1.Orange LabsChâtillonFrance
  2. 2.IMT AtlantiqueNantesFrance

Personalised recommendations