Full Text:   <346>

Summary:  <172>

CLC number: TP393

On-line Access: 2019-06-10

Received: 2018-08-31

Revision Accepted: 2018-11-26

Crosschecked: 2019-05-13

Cited: 0

Clicked: 1139

Citations:  Bibtex RefMan EndNote GB/T7714

 ORCID:

Chao Yang

http://orcid.org/0000-0002-4796-7011

-   Go to

Article info.
Open peer comments

Frontiers of Information Technology & Electronic Engineering  2019 Vol.20 No.5 P.731-748

http://doi.org/10.1631/FITEE.1800526


Driftor: mitigating cloud-based side-channel attacks by switching and migrating multi-executor virtual machines


Author(s):  Chao Yang, Yun-fei Guo, Hong-chao Hu, Ya-wen Wang, Qing Tong, Ling-shu Li

Affiliation(s):  National Digital Switching System Engineering & Technological Research Center, Zhengzhou 450003, China

Corresponding email(s):   1989600235@qq.com

Key Words:  Cloud computing, Side-channel attack, Information leakage, Multi-executor structure, Virtual machine switch, Virtual machine migration


Chao Yang, Yun-fei Guo, Hong-chao Hu, Ya-wen Wang, Qing Tong, Ling-shu Li. Driftor: mitigating cloud-based side-channel attacks by switching and migrating multi-executor virtual machines[J]. Frontiers of Information Technology & Electronic Engineering, 2019, 20(5): 731-748.

@article{title="Driftor: mitigating cloud-based side-channel attacks by switching and migrating multi-executor virtual machines",
author="Chao Yang, Yun-fei Guo, Hong-chao Hu, Ya-wen Wang, Qing Tong, Ling-shu Li",
journal="Frontiers of Information Technology & Electronic Engineering",
volume="20",
number="5",
pages="731-748",
year="2019",
publisher="Zhejiang University Press & Springer",
doi="10.1631/FITEE.1800526"
}

%0 Journal Article
%T Driftor: mitigating cloud-based side-channel attacks by switching and migrating multi-executor virtual machines
%A Chao Yang
%A Yun-fei Guo
%A Hong-chao Hu
%A Ya-wen Wang
%A Qing Tong
%A Ling-shu Li
%J Frontiers of Information Technology & Electronic Engineering
%V 20
%N 5
%P 731-748
%@ 2095-9184
%D 2019
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.1800526

TY - JOUR
T1 - Driftor: mitigating cloud-based side-channel attacks by switching and migrating multi-executor virtual machines
A1 - Chao Yang
A1 - Yun-fei Guo
A1 - Hong-chao Hu
A1 - Ya-wen Wang
A1 - Qing Tong
A1 - Ling-shu Li
J0 - Frontiers of Information Technology & Electronic Engineering
VL - 20
IS - 5
SP - 731
EP - 748
%@ 2095-9184
Y1 - 2019
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.1800526


Abstract: 
Co-residency of different tenants’ virtual machines (VMs) in cloud provides a good chance for side-channel attacks, which results in information leakage. However, most of current defense suffers from the generality or compatibility problem, thus failing in immediate real-world deployment. VM migration, an inherit mechanism of cloud systems, envisions a promising countermeasure, which limits co-residency by moving VMs between servers. Therefore, we first set up a unified practical adversary model, where the attacker focuses on effective side channels. Then we propose Driftor, a new cloud system that contains VMs of a multi-executor structure where only one executor is active to provide service through a proxy, thus reducing possible information leakage. Active state is periodically switched between executors to simulate defensive effect of VM migration. To enhance the defense, real VM migration is enabled at the same time. Instead of solving the migration satisfiability problem with intractable CIRCUIT-SAT, a greedy-like heuristic algorithm is proposed to search for a viable solution by gradually expanding an initial has-to-migrate set of VMs. Experimental results show that Driftor can not only defend against practical fast side-channel attack, but also bring about reasonable impacts on real-world cloud applications.

基于切换和迁移多执行体架构虚拟机的云侧信道攻击防御技术

摘要:云中不同租户的虚拟机共存为以信息泄露为目标的侧信道攻击创造了便利条件。然而,当前绝大多数防御技术都存在通用性或兼容性问题,无法在真实环境下实现快速部署。作为云系统固有功能之一,虚拟机迁移机制可通过在服务器之间迁移虚拟机,限制租户共存,从而提供一种具有应用前景的防御思路。本文首先建立一个统一的攻击模型,攻击者关注的目标是有效侧信道攻击。设计了一种包含多执行架构虚拟机的新型云系统:Driftor。对于其中每个虚拟机,同一时刻有且仅有一个执行体处于运行状态,并通过代理提供服务,以此降低可能泄漏的信息量。为模拟虚拟机迁移机制,系统将在虚拟机不同执行体之前周期性切换运行状态,同时通过真实迁移操作加强防御效果。为解决CIRCUIT-SAT求解迁移问题时的弱扩展性,本文提出一种类贪婪算法,通过逐渐扩展必须迁移的虚拟机子集搜索可行解。实验结果表明,Driftor能有效防御快速侧信道攻击,且针对真实云应用的防御开销较小。

关键词:云计算;侧信道攻击;信息泄露;多执行体架构;虚拟机切换;虚拟机迁移

Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article

Reference

[1]Almeida JB, Barbosa M, Barthe G, et al., 2016. Verifiable side-channel security of cryptographic implementations: constant-time MEE-CBC. 23rd Int Conf on Fast Software Encryption, p.163-184.

[2]Amazon EC2, 2018. Amazon EC2. https://amazonaws-china.com/cn/events/ec2/?sc_channel=ps&sc_campaign=inbounddg&sc_publisher=baidu&sc_detail={ec2%20amazon}&sc_country=cn&sc_geo=chna&sc_category=ec2&sc_segment={AWS%20EC2|brand}&sc_outcome=field&trkCampaign=inbounddg_ec2& trk=Baidu|AWS%20EC2|brand|ec2%20amazon&audience=205636 [Accessed on Aug. 4, 2018].

[3]Bosman E, Razavi K, Bos H, et al., 2016. Dedup est Machina: memory deduplication as an advanced exploitation vector. IEEE Symp on Security and Privacy, p.987-1004.

[4]Douceur JR, 2002. The Sybil attack. 1st Int Workshop on Peer-to-Peer Systems, p.251-260.

[5]Ezhilchelvan PD, Mitrani I, 2017. Evaluating the probability of malicious co-residency in public clouds. IEEE Trans Cloud Comput, 5(3):420-427.

[6]Feng DG, Zhang M, Zhang Y, et al., 2011. Study on cloud computing security. J Softw, 22(1):71-83 (in Chinese).

[7]Garey MR, Johnson DS, 1979. Computers and intractability: a guide to the theory of NP-completeness. W.H. Freeman & Co., New York, NY, USA, p.498-500.

[8]Gruss D, Maurice C, Wagner K, et al., 2016. Flush+Flush: a fast and stealthy cache attack. Int Conf on Detection of Intrusions and Malware, and Vulnerability Assessment, p.279-299.

[9]Han Y, Alpcan T, Chan J, et al., 2016. A game theoretical approach to defend against co-resident attacks in cloud computing: preventing co-residence using semi-supervised learning. IEEE Trans Inform Forens Secur, 11(3):556-570.

[10]Han Y, Chan J, Alpcan T, et al., 2017. Using virtual machine allocation policies to defend against co-resident attacks in cloud computing. IEEE Trans Depend Secur Comput, 14(1):95-108.

[11]Hu HC, Wu JX, Wang ZP, et al., 2018. Mimic defense: a designed-in cybersecurity defense framework. IET Inform Secur, 12(3):226-237.

[12]Irazoqui G, Eisenbarth T, Sunar B, 2015. S$A: a shared cache attack that works across cores and defies VM sandboxing --and its application to AES. IEEE Symp on Security and Privacy, p.591-604.

[13]Kämäräinen T, Shan YQ, Siekkinen M, et al., 2015. Virtual machines vs. containers in cloud gaming systems. Int Workshop on Network and Systems Support for Games, p.1-6.

[14]Kim T, Peinado M, Mainar-Ruiz G, 2012. STEALTHMEM: system-level protection against cache-based side channel attacks in the cloud. 21st USENIX Conf on Security Symp, p.1-11.

[15]Kwiat L, Kamhoua CA, Kwiat KA, et al., 2015. Security-aware virtual machine allocation in the cloud: a game theoretic approach. Proc IEEE 8th Int Conf on Cloud Computing, p.556-563.

[16]Li H, Ota K, Dong MX, et al., 2017. Multimedia processing pricing strategy in GPU-accelerated cloud computing. IEEE Trans Cloud Comput, p.1.

[17]Li H, Ota K, Dong MX, 2018. Virtual network recognition and optimization in SDN-enabled cloud environment. IEEE Trans Cloud Comput, p.1.

[18]Li P, Gao DB, Reiter MK, 2014. StopWatch: a cloud architecture for timing channel mitigation. ACM Trans Inform Syst Secur, 17(2):28.

[19]Lingeling, 2018. Lingeling, Plingeling and Treengeling. http://fmv.jku.at/lingeling/ [Accessed on Aug. 4, 2018].

[20]Liu FF, Lee RB, 2014. Random fill cache architecture. 47th Annual IEEE/ACM Int Symp on Microarchitecture, p.203-215.

[21]Liu FF, Yarom Y, Ge Q, et al., 2015. Last-level cache side-channel attacks are practical. IEEE Symp on Security and Privacy, p.605-622.

[22]MariaDB, 2018. The MariaDB Foundation–Supporting Continuity and Open Collaboration in the MariaDB Ecosystem. https://mariadb.org [Accessed on Aug. 4, 2018].

[23]Microsoft Azure, 2018. Microsoft Azure. https://azure.microsoft.com/zh-cn/ [Accessed on Aug. 4, 2018].

[24]Migrate Instances, 2018. Migrate Instances. https://docs.openstack.org/nova/rocky/admin/migration.html [Accessed on Aug. 4, 2018].

[25]Moon SJ, Sekar V, Reiter MK, 2015. Nomad: mitigating arbitrary cloud side channels via provider-assisted migration. 22nd ACM SIGSAC Conf on Computer and Communications Security, p.1595-1606.

[26]Moscibroda T, Mutlu O, 2007. Memory performance attacks: denial of memory service in multi-core systems. Proc 16th USENIX Security Symp, Article 18.

[27]Nginx, 2018. Nginx News. http://nginx.org/ [Accessed on Aug. 4, 2018].

[28]OpenStack, 2018. The Open Infrastructure Summit CFP is Now Open! https://www.openstack.org/ [Accessed on Aug. 4, 2018].

[29]Pattuk E, Kantarcioglu M, Lin ZQ, et al., 2014. Preventing cryptographic key leakage in cloud virtual machines. Proc 23rd USENIX Conf on Security Symp, p.703-718.

[30]Rackspace, 2018. Transform the Way You Do Business. https://www.rackspace.com/ [Accessed on Aug. 4, 2018].

[31]Raj H, Nathuji R, Singh A, et al., 2009. Resource management for isolation enhanced cloud services. Proc ACM Workshop on Cloud Computing Security, p.77-84.

[32]Ristenpart T, Tromer E, Shacham H, et al., 2009. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. Proc 16th ACM Conf on Computer and Communications Security, p.199-212.

[33]Shyamasundar RK, 1996. Introduction to algorithms. Resonance, 1(9):14-24.

[34]Thompson M, Evans N, Kisekka V, 2014. Multiple OS rotational environment an implemented moving target defense. 7th Int Symp on Resilient Control Systems, p.1-6.

[35]Varadarajan V, Ristenpart T, Swift M, 2014. Scheduler-based defenses against cross-VM side-channels. Proc 23rd USENIX Conf on Security Symp, p.687-702.

[36]Vattikonda BC, Das S, Shacham H, 2011. Eliminating fine grained timers in Xen. 3rd ACM Workshop on Cloud Computing Security Workshop, p.41-46.

[37]Wang HX, Li F, Chen SQ, 2016. Towards cost-effective moving target defense against DDoS and covert channel attacks. Proc ACM Workshop on Moving Target Defense, p.15-25.

[38]Wang ZH, Lee RB, 2007. New cache designs for thwarting software cache-based side channel attacks. ACM SIGARCH Comput Arch News, 35(2):494-505.

[39]Wang ZH, Lee RB, 2008. A novel cache architecture with enhanced performance and security. 41st IEEE/ACM Int Symp on Microarchitecture, p.83-93.

[40]WikiBench, 2018. WikiBench. http://www.wikibench.eu/ [Accessed on Aug. 4, 2018].

[41]Wu J, Dong MX, Ota K, et al., 2017. FCSS: fog computing based content-aware filtering for security services in information centric social networks. IEEE Trans Emerg Top Comput, p.1.

[42]Wu J, Dong MX, Ota K, et al., 2018. Big data analysis-based secure cluster management for optimized control plane in software-defined networks. IEEE Trans Netw Serv Manag, 15(1):27-38.

[43]Wu JX, 2016. Research on cyber mimic defense. J Cyber Secur, 1(4):1-10 (in Chinese).

[44]Yarom Y, Falkner K, 2014. FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. Proc 23rd USENIX Conf on Security Symp, p.719-732.

[45]Zhang YL, Li M, Bai K, et al., 2012. Incentive compatible moving target defense against VM-colocation attacks in clouds. In: Gritzalis D, Furnell S, Theoharidou M (Eds.), Information Security and Privacy Research. Springer Berlin Heidelberg, Germany, p.388-399.

[46]Zhang YQ, Reiter MK, 2013. Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud. Proc ACM SIGSAC Conf on Computer & Communications Security, p.827-838.

[47]Zhang YQ, Juels A, Reiter MK, et al., 2012. Cross-VM side channels and their use to extract private keys. Proc ACM Conf on Computer and Communications Security, p.305- 316.

[48]Zhang YQ, Juels A, Reiter MK, et al., 2014. Cross-tenant side- channel attacks in PaaS clouds. Proc ACM SIGSAC Conf on Computer and Communications Security, p.990-1003.

Open peer comments: Debate/Discuss/Question/Opinion

<1>

Please provide your name, email address and a comment





Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - Journal of Zhejiang University-SCIENCE