Determinating Timing Channels in Compute Clouds
release_o5zvaw7r5jb2pnwdkps5s7cp4e
by
Amittai Aviram, Sen Hu, Bryan Ford, Ramakrishna Gummadi
2010
Abstract
Timing side-channels represent an insidious security challenge for cloud
computing, because: (a) massive parallelism in the cloud makes timing channels
pervasive and hard to control; (b) timing channels enable one customer to steal
information from another without leaving a trail or raising alarms; (c) only
the cloud provider can feasibly detect and report such attacks, but the
provider's incentives are not to; and (d) resource partitioning schemes for
timing channel control undermine statistical sharing efficiency, and, with it,
the cloud computing business model. We propose a new approach to timing channel
control, using provider-enforced deterministic execution instead of resource
partitioning to eliminate timing channels within a shared cloud domain.
Provider-enforced determinism prevents execution timing from affecting the
results of a compute task, however large or parallel, ensuring that a task's
outputs leak no timing information apart from explicit timing inputs and total
compute duration. Experiments with a prototype OS for deterministic cloud
computing suggest that such an approach may be practical and efficient. The OS
supports deterministic versions of familiar APIs such as processes, threads,
shared memory, and file systems, and runs coarse-grained parallel tasks as
efficiently and scalably as current timing channel-ridden systems.
In text/plain
format
Archived Files and Locations
application/pdf 493.6 kB
file_uyd2n75iirhj7lmisou6ckees4
|
arxiv.org (repository) web.archive.org (webarchive) |
application/pdf 481.7 kB
file_wz3s6rkmwnfabbt6eihe3jaznu
|
archive.org (archive) web.archive.org (webarchive) core.ac.uk (web) |
1003.5303v2
access all versions, variants, and formats of this works (eg, pre-prints)