Outline Problem Definition Dynamic Resource Management - - PowerPoint PPT Presentation
When dynamic VM migration falls under the control of VM user Kahi hina na LAZ AZRI, Sylvie LANIEPCE, Haiming ZHENG IMT/OLPS/ASE/SEC/NPS Orange Labs, Caen Jalel Ben-Othman L2TI laboratory Paris13 Symposium sur la scurit des
unrestricted
Kahi hina na LAZ AZRI, Sylvie LANIEPCE, Haiming ZHENG
IMT/OLPS/ASE/SEC/NPS
Orange Labs, Caen Jalel Ben-Othman
L2TI laboratory
Paris13
Symposium sur la sécurité des technologies de l'information et des communications. SSTIC’14. Friday 6th June, 2014. Rennes.
unrestricted
Outline
– VMware Distributed Resource Scheduler (DRS) algorithm analysis – Attack scheme – Cluster vulnerability assessment
1
unrestricted
Scope
– Resource Overcommitment – VM Migration
1
(cross-VM)
unrestricted
Resource sharing and dynamic resource allocation
malicious manipulation of VM resource consumption
er VM migrat ation ions Cost for both the infrastructure and migrated VMs Dynamic Resource Management System
Malicio ious VM VM Input : Quantity ty of consummed resource ces (Malicious+Normal VMs) Output : Decision
Shared Resource Pool
ring Malicio ious VM VM Normal VM Normal VM Normal VM Normal VM
2
unrestricted
Distributed Resource Scheduler Algorithm (DRS, VMware)
source: VMware vSphere 4.1 HA and DRS. technical Deepdive. D.Epping et F. Denneman
Constraint Correction calculate chlsd
Ic > It
While cluster imbalanced: GetBestMove For each VM in the cluster simulate vMotion and calculate CHLSD While cluster imbalanced: GetBestMove Weight Costs vs. Benefits vs. Risks Return migration that does not exceed CBR threshold Add to migration recommendation list and give a priority rating
Re Re-ca calcul ulate Ic
Do nothing Apply migration Done
balanc nced ed unba balanc nced ed yes no no
Ic: Curr rren ent Imbalan lance ce
(chlsd: Curr rrent t Host Load S Standard Deviation tion)
It: Target et Imbalance lance
(thlsd: : Target t Host Load Standard Deviation tion)
3
unrestricted
DRS: Target Imbalance (It ) analysis It =
𝐷𝑝𝑜𝑡𝑢𝑏𝑜𝑢𝐵𝑠𝑓𝑡𝑡𝑗𝑤𝑓𝑜𝑓𝑡𝑡 𝐷𝑚𝑣𝑡𝑢𝑓𝑠 𝑇𝑗𝑨𝑓
Four Aggressiveness Levels enabling dynamic migrations:
Abusive VM Migration Attack: deliberately manipulate the quantity of resources consumed by VMs to enforce DRS to trigger VM migrations : Ic > It
4
unrestricted
Experimentation Setup
Context 5 Hosts
% Overcommitment
Resource Usage in normal VMs
DRS vMotion
vCenter Management Server (VMware)
Load Generator
Virtual Platform Analysis Tools (Orange Labs)
5
Diagnosis Monitoring
unrestricted
Abusive VM Migration Attack: one shot
6
unrestricted
Attack conditions:
between the two hosts
Coordinated Abusive VM Migration Attack: Serial Migration
Fig.1 .1 – Attacke acker VM Fig. . 2 - Imbalanc alance 7
unrestricted
Vulnerability Measurement (small cluster)
Minimum quantity of resources to be under the control of the attacker? Cluster vulnerability is high when this quantity is low
0, 0,5 1 1, 1,5 2 2, 2,5 3
2 3 4 5
Vulnera rabil ility ity increas ases s when cluster r size e increas ases Vulnera rabil ility ity increas ases s when DRS Aggr gressi sivenes ess s increas ases
5 10 10 15 15
2 3 4 5 Cluster Size (N) Minimum Required Resource
2 4 6 8 10 10 12 12
2 3 4 5 Moderate (Default) Minimum Required Resource Cluster Size (N) Minimum Required Resource Cluster Size (N)
11,5 11 11 10,5 10 10 2,5
Agressive
5
1 2 3 4 5 6
2 3 4 5 Minimum Required Resource Cluster Size (N) Moderately Aggressive Moderately Conservative
14 14
CPU (vCPU)
Memory (GB)
Context:‘one shot’ Abusive VM Migration attack, execution context described in slide 8
8
unrestricted
Demonstration
19
unrestricted
Conclusion
– Proact ctiv ive Integrating security considerations in dynamic resource management systems design? – React ctiv ive Autonomic Monitoring and detection of malicious resource consumption profiles
10
unrestricted