Virtualization and Cloud Computing. The Threat of Covert Channels. Related Work. Zhenyu Wu, Zhang Xu, and Haining Wang 1



Similar documents
Are Cache Attacks on Public Clouds Practical?

Real- Time Mul,- Core Virtual Machine Scheduling in Xen

Small is Better: Avoiding Latency Traps in Virtualized DataCenters

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Cloud security CS642: Computer Security Professor Ristenpart h9p:// rist at cs dot wisc dot edu University of Wisconsin CS 642

Virtualization. Dr. Yingwu Zhu

Enabling Technologies for Distributed and Cloud Computing

Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk

The Benefits of POWER7+ and PowerVM over Intel and an x86 Hypervisor

HEY, YOU, GET OFF OF MY CLOUD: EXPLORING INFORMATION LEAKAGE

Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Clouds. Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage

IOS110. Virtualization 5/27/2014 1

Technical Paper. Moving SAS Applications from a Physical to a Virtual VMware Environment

ACANO SOLUTION VIRTUALIZED DEPLOYMENTS. White Paper. Simon Evans, Acano Chief Scientist

Chapter 14 Virtual Machines

COS 318: Operating Systems. Virtual Machine Monitors

RED HAT ENTERPRISE VIRTUALIZATION & CLOUD COMPUTING

Vocera Voice 4.3 and 4.4 Server Sizing Matrix

Scaling in a Hypervisor Environment

Cloud computing security

Full and Para Virtualization

Chapter 5 Cloud Resource Virtualization

Data Centers and Cloud Computing

Thomas Fahrig Senior Developer Hypervisor Team. Hypervisor Architecture Terminology Goals Basics Details

Enabling Technologies for Distributed Computing

HALF THE PRICE. HALF THE POWER. HALF THE SPACE.

Outline. Introduction. State-of-the-art Forensic Methods. Hardware-based Workload Forensics. Experimental Results. Summary. OS level Hypervisor level

StACC: St Andrews Cloud Computing Co laboratory. A Performance Comparison of Clouds. Amazon EC2 and Ubuntu Enterprise Cloud

HRG Assessment: Stratus everrun Enterprise

Masters Project Proposal

COLO: COarse-grain LOck-stepping Virtual Machine for Non-stop Service

DIABLO TECHNOLOGIES MEMORY CHANNEL STORAGE AND VMWARE VIRTUAL SAN : VDI ACCELERATION

Intel DPDK Boosts Server Appliance Performance White Paper

Performance Evaluation of VMXNET3 Virtual Network Device VMware vsphere 4 build

The Benefits of Virtualizing

Virtualization. Pradipta De

New Data Center architecture

Virtual Switching Without a Hypervisor for a More Secure Cloud

Achieving Nanosecond Latency Between Applications with IPC Shared Memory Messaging

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Development of Type-2 Hypervisor for MIPS64 Based Systems

Best Practices for Monitoring Databases on VMware. Dean Richards Senior DBA, Confio Software

Achieving QoS in Server Virtualization

Virtualization of the MS Exchange Server Environment

Security Overview of the Integrity Virtual Machines Architecture

Virtualization. Jukka K. Nurminen

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

Windows Server 2008 R2 Hyper-V Live Migration

Network performance in virtual infrastructures

CFCC: Covert Flows Confinement For VM Coalitions Ge Cheng, Hai Jin, Deqing Zou, Lei Shi, and Alex K. Ohoussou

Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family

Control your corner of the cloud.

I/O Virtualization Using Mellanox InfiniBand And Channel I/O Virtualization (CIOV) Technology

Why Use 16Gb Fibre Channel with Windows Server 2012 Deployments

VXLAN: Scaling Data Center Capacity. White Paper

Basics in Energy Information (& Communication) Systems Virtualization / Virtual Machines

Cloud Computing through Virtualization and HPC technologies

Datacenters and Cloud Computing. Jia Rao Assistant Professor in CS

How To Make A Virtual Machine Aware Of A Network On A Physical Server

Multi-core Programming System Overview

Virtualization. Explain how today s virtualization movement is actually a reinvention

SQL Server Virtualization

Performance Analysis of Large Receive Offload in a Xen Virtualized System

SQL Server Consolidation Using Cisco Unified Computing System and Microsoft Hyper-V

GUEST OPERATING SYSTEM BASED PERFORMANCE COMPARISON OF VMWARE AND XEN HYPERVISOR

Data Centers and Cloud Computing. Data Centers

Virtualization for Cloud Computing

Developing a dynamic, real-time IT infrastructure with Red Hat integrated virtualization

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

Microsoft SQL Server 2012 on Cisco UCS with iscsi-based Storage Access in VMware ESX Virtualization Environment: Performance Study

MS Exchange Server Acceleration

PARALLELS CLOUD SERVER

9/26/2011. What is Virtualization? What are the different types of virtualization.

The Role of the Operating System in Cloud Environments

ConnectX -3 Pro: Solving the NVGRE Performance Challenge

Enterprise Storage Solution for Hyper-V Private Cloud and VDI Deployments using Sanbolic s Melio Cloud Software Suite April 2011

Jukka Ylitalo Tik TKK, April 24, 2006

Hyper-V R2: What's New?

Distributed and Cloud Computing

Energy Constrained Resource Scheduling for Cloud Environment

Before we can talk about virtualization security, we need to delineate the differences between the

Compromise-as-a-Service

Introduction to Virtual Machines

Dell Virtualization Solution for Microsoft SQL Server 2012 using PowerEdge R820

Knut Omang Ifi/Oracle 19 Oct, 2015

The Lagopus SDN Software Switch. 3.1 SDN and OpenFlow. 3. Cloud Computing Technology

Virtual Machine Security

Answering the Requirements of Flash-Based SSDs in the Virtualized Data Center

How To Connect Virtual Fibre Channel To A Virtual Box On A Hyperv Virtual Machine

Cloud Computing and the Internet. Conferenza GARR 2010

Overcoming Security Challenges to Virtualize Internet-facing Applications

Rackspace Cloud Databases and Container-based Virtualization

Transcription:

Virtualization and Cloud Computing Zhenyu Wu, Zhang Xu, Haining Wang William and Mary Now affiliated with NEC Laboratories America Inc. Server Virtualization Consolidates workload Simplifies resource management Enabling Utility-based Cloud Computing Server Virtualization Technologies Goal: Computing consolidation Design: Logically-separate but physically-shared NOT equivalent to physically separated machines Non-negligible differences expected, e.g. covert channels The Threat of Covert Channels Covert Channels Exploit imperfection in the isolation of shared resources Enable communication bypassing mandatory access controls (i.e. data exfiltration) On non-virtualized systems File system objects, network stack, shared processor cache, input device, etc. On virtualized systems No practical exploit to date Related Work Precautionary Research Hey, you, get off of my cloud (Ristenpart et al., CCS 9) Bandwidth.2bps << bps by TCSEC Follow up research (Xu et al., CCSW ) Improved bandwidth 3.2bps (~% error rate) Conclusion: can do very limited harm in the cloud Industry Response Amazon EC2 Dedicated Instances Significant extra-cost (Targeting the paranoid high-end?) Zhenyu Wu, Zhang Xu, and Haining Wang

Project Outline Understand Existing Cache Covert Channel Why it doesn t work in the Cloud Design a New Covert Channel Targeting cross-vm communication Realistic Evaluation In-house and on Amazon EC2 Struggles of Cache Covert Channel Struggles of Cache Covert Channel Classic Cache Channel A hybrid timing & storage channel Cache Classic Cache Channels Works very well on hyper-threaded processor Bandwidth ~4 kilo bytes/sec ~3,, bits/sec Performs very poorly on virtualize environment Bandwidth ~ bit/sec Reasons for Struggling Addressing Uncertainty Scheduling Uncertainty Cache Physical Limitation Zhenyu Wu, Zhang Xu, and Haining Wang 2

Struggle #: Addressing Uncertainty Virtualization Additional Layer of Indirection (or, complication) Struggle #2: Scheduling Uncertainty Cache Round-trip Requirement Initialize Prepare Detect L2 Cache (VIPT / PIPT) Strict Round-Robin Scheduling Process A VM Guest Physical Address Host Physical Address Host Physical Address Guest Physical Address Process B VM 2 Struggle #2: Scheduling Uncertainty Struggle #3: Physical Limitation Too Many Invalid Scheduling Alternatives Other Require stably shared cache, however Non-participating workload destabilize the cache s between physical processors do not share cache! Other Other L L L L2 Processor L L L L L2 Processor L Zhenyu Wu, Zhang Xu, and Haining Wang 3

Latency Project Outline Understand Existing Cache Covert Channel Why it doesn t work in the Cloud Design a New Covert Channel Targeting cross-vm communication Realistic Evaluation In-house and on Amazon EC2 Redesigning Transmission Change of Modulation Technique Cache region based encoding no longer suitable State Patterns Timing Patterns Redesigning Transmission Change of Modulation Technique Cache region based encoding no longer suitable State Patterns Timing Patterns Redesigning Transmission Change of Modulation Technique Cache region based encoding no longer suitable State Patterns Timing Patterns Cache Miss Change of Scheduling Requirement Signal generation and detection are instantaneous Cache Hit Valid For Transmission Zhenyu Wu, Zhang Xu, and Haining Wang 4

Demonstration L2 cache channel using new transmission scheme Intel 2, Hyper-V, Windows Guests Progress So Far Addressing Uncertainty Scheduling Uncertainty 39 bits in 2μs 9 kilo bits / sec Cache Physical Limitation An Insurmountable Limitation A shared cache is not guaranteed Virtual processor migration results in frequent interruption L L L L L L L L L2 L2 Processor Processor Zhenyu Wu, Zhang Xu, and Haining Wang 5

The Bus Contention Channel Look beyond the processor cache we see the memory bus!!!!!!!! L L L L L L L L L2 Processor L2 Processor Atomic Instructions Special x86 memory manipulations Ensures operation atomicity Very useful for thread synchronization and covert channels Contention Bus Blocked Theory vs. Reality Theoretical Performance impact is localized Theory vs. Reality Theoretical (Not Exploitable) Performance impact is localized Pre-Pentium Pro Atomicity is implemented using bus lock signal!!! Bus Zhenyu Wu, Zhang Xu, and Haining Wang 6

Theory vs. Reality Theoretical (Not Exploitable) Performance impact is localized Pre-Pentium Pro (Exploitable) Atomicity is implemented using bus lock signal Pentium Pro ~ Pre-Nehalem Bus lock is reduced, but not eliminated When target data can be put on a cache line Cache line locking is performed But when target data spans two cache lines Reverts to old bus locking behavior!!! Cache Cache Cache Cache Bus Theory vs. Reality Theoretical (Not Exploitable) Performance impact is localized Pre-Pentium Pro (Exploitable) Atomicity is implemented using bus lock signal Pentium Pro ~ Pre-Nehalem (Exploitable) Bus lock is reduced, but not eliminated Nehalem ~? No shared memory bus! When target data can be put on a cache line Cache line locking is performed But when target data spans two cache lines Coordinated flush of all in-flight memory operations! Cache Cache!! Cache Cache Zhenyu Wu, Zhang Xu, and Haining Wang 7

Theory vs. Reality Theoretical (Not Exploitable) Performance impact is localized Pre-Pentium Pro (Exploitable) Atomicity is implemented using bus lock signal Pentium Pro ~ Pre-Nehalem (Exploitable) Bus lock is reduced, but not eliminated Nehalem ~? (Still Exploitable) No shared memory bus! Demonstration Bus Channels Intel 2, Hyper-V, Windows VMs Intel Xeon (Nehalem), Xen Linux VMs 39 bits in ms 38 kilo bits / sec So Far, So Good And Then? Addressing Uncertainty Scheduling Uncertainty Cache Physical Limitation Zhenyu Wu, Zhang Xu, and Haining Wang 8

Reliable Communication The memory bus channel is quite noisy Reliable Communication The memory bus channel is quite noisy Contended Contention-Free Contended ~6 bits ~43 bits ~6 Contention-Free bits Reliable Communication Receiving Confirmation No Explicit Send-and-Ack Simultaneous receiver detection Leveraging the system-wide observable bus contention Clock Synchronization Self-clock coding Differential Manchester Coding Standard network coding used in token ring network Error Correction Again, no Send-and-Ack Forward Error Correction Reed-Solomon Coding Use for optical discs, satellite communication, etc. Reliable Communication Framing Send data in small fixed-length packets Improves resilience to interruptions and errors Overview of Complete Protocol Block Segments Parity FEC Segments Preamble Parity Frame DM Encoded Frame Zhenyu Wu, Zhang Xu, and Haining Wang 9

Project Outline Understand Existing Cache Covert Channel Why it doesn t work in the Cloud Design a New Covert Channel Targeting cross-vm communication Realistic Evaluation In-house and on Amazon EC2 In-house Experiment Realistic Setup Intel Xeon (Nehalem), Xen, Linux Guests Spawn two VMs, single vcpu, 52MB memory and receiver runs as unprivileged user programs Protocol Parameters 32 bit data frame (8 bit preamble, 24 bit payload) FEC Parity : = 4 : 4 Channel Capacity Bandwidth: 78.6 ± 3.6 bps Error rate:.27% Amazon EC2 Experiments Preparation Spawn two physical co-resident VMs /proc/cpuinfo: Intel Xeon (Yorkfield) (share memory bus) Initial Trial: Protocol Parameters 24 bit data frame (8 bit preamble, 6 bit payload) FEC Parity : = 4 : 4 Best Channel Capacity Bandwidth: 343.5 ± 66. bps Error rate:.39% But degrades over time in an interesting way Amazon EC2 Experiments Three Staged Performance Due to Xen scheduler preemption Zhenyu Wu, Zhang Xu, and Haining Wang

Amazon EC2 Experiments Adapting to Offensive scheduling: Protocol Parameters Slow down transmission rate by 2% Increase FEC Parity : = 4 : 2 Stable Channel Capacity Bandwidth: 7.9 ± 39.9 bps Error rate:.75% Amazon EC2 Experiments Protocol Versatility Automatic speed adjustment according to channel quality Mitigation Avenues Tenants Limited Options Performance Anomaly Dentations Defender continuously monitors memory access latency High overhead, high false positives Cloud Providers Preventative Measures Dedicated Instance (Amazon EC2) Effective but costly Alternative Low-Cost Placement Strategies Controlled and deterministic sharing Makes arbitrary attack difficult Zhenyu Wu, Zhang Xu, and Haining Wang

Mitigation Avenues Cloud Providers Detective Measures Leverage access to Hypervisor, and rich server resource Discover performance anomalies by hardware counters Low overhead, low false positive penalties Hardware Manufactures Isolation Improvements (Preventative Measures) Trap instead of handling exotic conditions Tag request by VM, and limit performance impact scope Costly (one-time), but effective and efficient Conclusion Covert Channel Attacks in the Cloud are Practical We uncovered a high speed covert channel medium We designed a reliable transmission protocol We evaluated the performance in a real cloud environment Call for Effective and Efficient Mitigations Three avenues of approaches: Tenant Cloud Provider Hardware Manufacture Thank you for listening! Zhenyu Wu, Zhang Xu, and Haining Wang 2

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information