
Securing Data Center Against Power Attacks

  • Rajesh JS
  • Chidhambaranathan Rajamanikkam
  • Koushik Chakraborty
  • Sanghamitra Roy

Abstract

Modern data centers employ complex and specialized power management architectures in the pursuit of energy and thermal efficiency. Interestingly, this rising complexity has exposed a new attack surface in an already vulnerable environment. In this work, we uncover a potent threat stemming from a compromised power management module in the hypervisor to motivate the need to safeguard data centers from power attacks. HyperAttack, an internal power attack, maliciously increases the data center power consumption by more than 70%, while minimally affecting the service level agreement. We propose a machine learning-based secure architecture, SCALE, to detect anomalous power consumption behavior and prevent power outages due to HyperAttack escalations. SCALE delivers 99% classification accuracy, with a maximum false positive rate of 3.8%.

Keywords

Security, Data center, Power attacks


Copyright information

© Springer Nature Switzerland AG 2019


Authors and Affiliations

  1. USU BRIDGE LAB, Electrical and Computer Engineering, Utah State University, Logan, USA
