Abstract
Co-residency of different tenants' virtual machines (VMs) in a cloud creates an opportunity for side-channel attacks, which result in information leakage. However, most current defenses suffer from generality or compatibility problems and therefore cannot be deployed immediately in the real world. VM migration, an inherent mechanism of cloud systems, is a promising countermeasure that limits co-residency by moving VMs between servers. We therefore first set up a unified practical adversary model in which the attacker focuses on effective side channels. We then propose Driftor, a new cloud system whose VMs have a multi-executor structure: only one executor is active at a time and provides service through a proxy, which reduces possible information leakage. The active state is periodically switched between executors to simulate the defensive effect of VM migration. To strengthen the defense, real VM migration is enabled at the same time. Instead of solving the migration satisfiability problem with intractable CIRCUIT-SAT, a greedy-like heuristic algorithm searches for a viable solution by gradually expanding an initial has-to-migrate set of VMs. Experimental results show that Driftor not only defends against a practical fast side-channel attack but also has only a reasonable impact on real-world cloud applications.
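To make the idea of "gradually expanding an initial has-to-migrate set" concrete, here is an added example that is not the paper's code: it assumes a simplified model (each VM belongs to a tenant, each server has a slot capacity, and certain tenant pairs must never share a server) and greedily plans migrations, enlarging the set with every VM a placement displaces. The server, VM and tenant names are constructed.

```python
"""Greedy co-residency-aware migration planner (assumed simplified model, not
Driftor's own algorithm): VMs have tenants, servers have slot capacities, and
some tenant pairs must never share a server. The initial has-to-migrate set is
expanded with every VM a placement displaces until no conflict remains."""
from itertools import combinations


def conflicts(tenant_a, tenant_b, forbidden):
    """True if the two tenants must not be co-resident."""
    return tenant_a != tenant_b and frozenset((tenant_a, tenant_b)) in forbidden


def violating_vms(placement, tenants, forbidden):
    """Initial has-to-migrate set: every VM co-resident with a forbidden tenant."""
    bad = set()
    for vms in placement.values():
        for a, b in combinations(sorted(vms), 2):
            if conflicts(tenants[a], tenants[b], forbidden):
                bad.update((a, b))
    return bad


def plan_migrations(placement, tenants, capacity, forbidden, max_rounds=100):
    """Return (new_placement, migrated_vms), or None if no plan is found."""
    placement = {s: set(vms) for s, vms in placement.items()}  # do not mutate input
    to_move = violating_vms(placement, tenants, forbidden)
    migrated = set()
    for _ in range(max_rounds):
        if not to_move:
            return placement, migrated
        vm = min(to_move)  # deterministic pick keeps the plan reproducible
        to_move.discard(vm)
        home = next(s for s, vms in placement.items() if vm in vms)
        if not any(conflicts(tenants[vm], tenants[o], forbidden)
                   for o in placement[home] if o != vm):
            continue  # an earlier move already resolved this VM's conflict
        # Rank every other server with a free slot by how many of its VMs clash.
        candidates = []
        for s, vms in placement.items():
            if s == home or len(vms) >= capacity[s]:
                continue
            clash = {o for o in vms if conflicts(tenants[vm], tenants[o], forbidden)}
            candidates.append((len(clash), s, clash))
        if not candidates:
            return None  # no free slot anywhere: the heuristic gives up
        _, target, clash = min(candidates, key=lambda c: (c[0], c[1]))
        placement[home].discard(vm)
        placement[target].add(vm)
        migrated.add(vm)
        to_move |= clash  # expand the has-to-migrate set with the displaced VMs
    return None
```

A placement that is completely full yields `None`, which is the case where a real system would have to fall back to executor switching alone or to more capacity.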
Project supported by the National Natural Science Foundation of China (Nos. 61521003 and 61602509), the National Key Research and Development Program of China (Nos. 2016YFB0800100 and 2016YFB0800101), and the Key Technologies Research and Development Program of Henan Province of China (No. 172102210615)
Cite this article
Yang, C., Guo, Yf., Hu, Hc. et al. Driftor: mitigating cloud-based side-channel attacks by switching and migrating multi-executor virtual machines. Frontiers Inf Technol Electronic Eng 20, 731–748 (2019). https://doi.org/10.1631/FITEE.1800526
Keywords
- Cloud computing
- Side-channel attack
- Information leakage
- Multi-executor structure
- Virtual machine switch
- Virtual machine migration