Determinating Timing Channels in Compute Clouds release_o5zvaw7r5jb2pnwdkps5s7cp4e

by Amittai Aviram, Sen Hu, Bryan Ford, Ramakrishna Gummadi

Released as a article .

2010  

Abstract

Timing side-channels represent an insidious security challenge for cloud computing, because: (a) massive parallelism in the cloud makes timing channels pervasive and hard to control; (b) timing channels enable one customer to steal information from another without leaving a trail or raising alarms; (c) only the cloud provider can feasibly detect and report such attacks, but the provider's incentives are not to; and (d) resource partitioning schemes for timing channel control undermine statistical sharing efficiency, and, with it, the cloud computing business model. We propose a new approach to timing channel control, using provider-enforced deterministic execution instead of resource partitioning to eliminate timing channels within a shared cloud domain. Provider-enforced determinism prevents execution timing from affecting the results of a compute task, however large or parallel, ensuring that a task's outputs leak no timing information apart from explicit timing inputs and total compute duration. Experiments with a prototype OS for deterministic cloud computing suggest that such an approach may be practical and efficient. The OS supports deterministic versions of familiar APIs such as processes, threads, shared memory, and file systems, and runs coarse-grained parallel tasks as efficiently and scalably as current timing channel-ridden systems.
In text/plain format

Archived Files and Locations

application/pdf  493.6 kB
file_uyd2n75iirhj7lmisou6ckees4
arxiv.org (repository)
web.archive.org (webarchive)
application/pdf  481.7 kB
file_wz3s6rkmwnfabbt6eihe3jaznu
archive.org (archive)
web.archive.org (webarchive)
core.ac.uk (web)
Read Archived PDF
Preserved and Accessible
Type  article
Stage   submitted
Date   2010-07-25
Version   v2
Language   en ?
arXiv  1003.5303v2
Work Entity
access all versions, variants, and formats of this works (eg, pre-prints)
Catalog Record
Revision: 7766900c-7c81-4d30-afd0-28bdf5a9464f
API URL: JSON