placement security of
play

Placement Security of New IaaS Cloud Providers SCSE01 Pan Yue - PowerPoint PPT Presentation

Mar 20, 2023 •539 likes •838 views

A Method for Evaluating Placement Security of New IaaS Cloud Providers SCSE01 Pan Yue Mentor: Dr. Ta Nguyen Binh Duong Overview Introduction to Problem Background research Experimental methodology Results and analysis Future development

  1. A Method for Evaluating Placement Security of New IaaS Cloud Providers SCSE01 Pan Yue Mentor: Dr. Ta Nguyen Binh Duong

  2. Overview Introduction to Problem Background research Experimental methodology Results and analysis Future development

  3. Introduction to Problem

  4. IaaS clouds -a popular model of cloud computing • Configurable computing resources shared over the internet • Hosts Virtual Machines (VM) on shared physical infrastructure (Multi-tenancy)

  5. Co-location Attacks - a security risk in IaaS Clouds data • Launched on victim VMs on the same physical host as attacker • Extract confidential data or degrade performance of victim

  6. Aims of research I. Examine an evaluation technique of IaaS cloud placement security (memory-bus locking) II. Explore how the findings can be applied to evaluate commercial IaaS cloud providers

  7. Background Research

  8. Co-location Attack Mechanism Victim VM Attacker VM Co-location Detection Request VM Attacker

  9. Co-location Detection • Covert side channel detection  create contention in shared hardware resources of host  cause observable performance degradation in victim Attacker Victim Intensive Normal Request request request delayed Shared hardware resource

  10. Co-location Detection • Memory bus locking  create contention in memory bus of host  observe degraded performance in accessing main memory Attacker Victim Continuous Access access to memory delayed main memory bus

  11. Evaluating Placement Security Susceptibility to co-location attacks indicates Susceptibility to co-location detection MAY test for memory bus locking

  12. Hypothesis Memory bus locking can achieve accurate co-location detection in both cooperative and uncooperative cases, and hence prove useful for evaluating placement security of IaaS cloud providers.

  13. Experimental Methodology

  14. Cooperative memory-bus locking • Lock and Probe model • two VMs set up on same local host • one locks memory-bus (attacker), one performs and measures affected task(victim)

  15. Cooperative experiment set-up memory shared bus hardware

  16. Locking: Implementation reference: github.com/jacnel/co-res

  17. Probing: Implementation reference: Varadarajan et al., 2017

  18. Uncooperative memory-bus locking • Lock and Probe model, revised • Attacker and victim VMs set up retained • Does not assume control over victim (cannot measure own performance) • A third VM (evaluator) on unknown host to measure victim’s performance

  19. Uncooperative experiment set-up • Victim: web server • Virtual host with public domain OR local host domain • Apache 2 • Evaluator • Accesses victim’s domain • Measures server performance • Apache Jmeter

  20. Experiment summary Attacker locks memory bus by executing Locking code cooperative uncooperative Victim performs task and Victim performs task and Evaluator measures own performance measures performance Observe performance degradation in victim to detect co-location

  21. Results and Analysis

  22. Cooperative experiment results Data collected as the number of CPU clock cycles required to execute one run of the probe program, taken for 100 runs

  23. Cooperative experiment results The average runtime with locking instance sees a 70% increase compared to without locking.  Performance degradation is apparent  Co-location successfully detected

  24. Conclusion for cooperative detection • Memory-bus locking can accurately detect co-location in the cooperative case • Hence, it can evaluate the placement security of IaaS clouds if a dedicated server can be purchased to ensure the co-location of lock and probe VMs

  25. Overall Conclusion Memory bus locking is an effective co-location detection technique in the cooperative case, which can be used for evaluating placement security in cloud providers under controlled conditions.

  26. Future Developments

  27. Future developments • Complete experiments for the uncooperative case • Apply memory-bus locking detection technique to commercial cloud providers

  28. Thank You

  29. Main References Varadarajan, V. (2015). A Placement Vulnerability Study in Multi-Tenant Public Clouds. USENIX. Delimitrou, C., & Kozyrakis, C. (2017). Bolt: I Know What You Did Last Summer...In the Cloud. ACM SIGOPS Operating Systems Review,51(2), 599-613. doi:10.1145/3093315.3037703 Han, Y., Chan, J., Alpcan, T., & Leckie, C. (2015). Using Virtual Machine Allocation Policies to Defend against Co-resident Attacks in Cloud Computing. IEEE Transactions on Dependable and Secure Computing,1-1. doi:10.1109/tdsc.2015.2429132 Nelson, J. (2017). Co-residency Detection and Memory Bus Locking. Ristenpart, T. (n.d.). Hey, You, Get Off of My Cloud: Exploring Information ... Retrieved from https://hovav.net/ucsd/dist/cloudsec.pdf Alibaba Cloud Ranks the World's Third Largest Cloud Services Provider for Two Consecutive Years. (n.d.). Retrieved from https://www.alibabacloud.com/press-room/alibaba-cloud-ranks- the-worlds-third-largest-cloud-services-provider-for-two-consecutive- time?spm=a2c5t.10695662.1996646101.searchclickresult.4a645316ZjqxGh

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TimberWolf 7.0 Placement Perform TimberWolf placement Based on the given standard cell

TimberWolf 7.0 Placement Perform TimberWolf placement Based on the given standard cell

TimberWolf 7.0 Placement Perform TimberWolf placement Based on the given standard cell placement Initial HPBB wirelength = 23 Practical Problems in VLSI Physical Design TimberWolf Placement (1/16) First Swap Swap node b and e

340 views • 16 slides
Fertilizer Deep Placement Technology A Useful Tool in Food Security Improvement Presentation

Fertilizer Deep Placement Technology A Useful Tool in Food Security Improvement Presentation

Fertilizer Deep Placement Technology A Useful Tool in Food Security Improvement Presentation Transcript April 24, 2013 Presenters Samba Kawa USAID/BFS Upendra Singh IFDC John H. Allgood IFDC Sponsor United States Agency for International

441 views • 18 slides
Automatic Placement of Authorization Hooks in the Linux Security Modules Framework Vinod

Automatic Placement of Authorization Hooks in the Linux Security Modules Framework Vinod

Automatic Placement of Authorization Hooks in the Linux Security Modules Framework Vinod Ganapathy vg@cs.wisc.edu University of Wisconsin, Madison Joint work with Trent Jaeger Somesh Jha tjaeger@cse.psu.edu jha@cs.wisc.edu Pennsylvania

604 views • 41 slides
VLSI Placement Sadiq M. Sait & Habib Youssef December 1995 Placement Placement is the

VLSI Placement Sadiq M. Sait & Habib Youssef December 1995 Placement Placement is the

King Fahd University of Petroleum & Minerals College of Computer Sciences & Engineering Department of Computer Engineering VLSI Placement Sadiq M. Sait & Habib Youssef December 1995 Placement Placement is the process of

1.15k views • 52 slides
ADVANCED PLACEMENT The purpose of the Advanced Placement program is to provide the students with

ADVANCED PLACEMENT The purpose of the Advanced Placement program is to provide the students with

ADVANCED PLACEMENT The purpose of the Advanced Placement program is to provide the students with challenging coursework that culminates with an external examination. BENEFITS OF ADVANCED PLACEMENT Possible College Credit Early completion

601 views • 6 slides
Outline Motivation Seeing the Forest and the Why current placement tools are outdated

Outline Motivation Seeing the Forest and the Why current placement tools are outdated

Outline Motivation Seeing the Forest and the Why current placement tools are outdated Trees: Steiner Wirelength Analysis of placement objectives Optimization in Placement A nave attempt at optimization Our placement

219 views • 8 slides
INCREASING CIRCULATION BOOK DISPLAYS THROUGH 2 Placement PLACEMENT LIBRARY GEOGRAPHY

INCREASING CIRCULATION BOOK DISPLAYS THROUGH 2 Placement PLACEMENT LIBRARY GEOGRAPHY

INCREASING CIRCULATION BOOK DISPLAYS THROUGH 2 Placement PLACEMENT LIBRARY GEOGRAPHY Front of the Library Power Aisle Endcaps & Small tables High Traffic Areas 3 PLACEMENT FRONT OF THE LIBRARY First

384 views • 27 slides
GORDIAN Placement Perform GORDIAN placement Uniform area and net weight, area balance

GORDIAN Placement Perform GORDIAN placement Uniform area and net weight, area balance

GORDIAN Placement Perform GORDIAN placement Uniform area and net weight, area balance factor = 0.5 Undirected graph model: each edge in k -clique gets weight 2/ k Practical Problems in VLSI Physical Design GORDIAN Placement (1/21) IO

672 views • 21 slides
BonnPlace : A Self-Stabilizing Placement Framework Ulrich Brenner, Anna Hermann, Nils Hoppmann,

BonnPlace : A Self-Stabilizing Placement Framework Ulrich Brenner, Anna Hermann, Nils Hoppmann,

BonnPlace : A Self-Stabilizing Placement Framework Ulrich Brenner, Anna Hermann, Nils Hoppmann, Philipp Ochsendorf Research Institute for Discrete Mathematics, University of Bonn ISPD 2015 1 Placement Problem Placement Problem Placement area

282 views • 26 slides
CS137: Today Electronic Design Automation Placement Problem Partitioning Placement

CS137: Today Electronic Design Automation Placement Problem Partitioning Placement

CS137: Today Electronic Design Automation Placement Problem Partitioning Placement Quadrisection Day 16: November 9, 2005 Refinement Placement (Intro, Constructive) 1 2 CALTECH CS137 Fall2005 -- DeHon CALTECH CS137

295 views • 7 slides
Advanced Placement Physics 1 Advanced Placement Physics 2 Dr. Matt Frederickson Dr. Kevin

Advanced Placement Physics 1 Advanced Placement Physics 2 Dr. Matt Frederickson Dr. Kevin

Advanced Placement Physics 1 Advanced Placement Physics 2 Dr. Matt Frederickson Dr. Kevin McColgan Advanced Placement Physics 1&2 Revisions at a Glance WHY from College Board? AP has implemented key recommendations of the NRC

66 views • 6 slides
Placement Introduction A very important step in physical design cycle. A poor placement

Placement Introduction A very important step in physical design cycle. A poor placement

Placement Introduction A very important step in physical design cycle. A poor placement requires larger area. Also results in performance degradation. It is the process of arranging a set of modules on the layout surface. Each

428 views • 41 slides
Student Placement Task Force Student placement option presentation Maize Board of Education |

Student Placement Task Force Student placement option presentation Maize Board of Education |

Student Placement Task Force Student placement option presentation Maize Board of Education | Feb. 10, 2014 Introduction: Peggy McNeive, Commissioner Federal Mediation and Conciliation Service Student Placement Task Force members

662 views • 50 slides
Placement and Beyond in Honor of Ernest S. Kuh C. K. Cheng UC San Diego UC San Diego March 28,

Placement and Beyond in Honor of Ernest S. Kuh C. K. Cheng UC San Diego UC San Diego March 28,

Placement and Beyond in Honor of Ernest S. Kuh C. K. Cheng UC San Diego UC San Diego March 28, 2011 Placement and Beyond Placement and Beyond Ernest S. Kuh is a pioneer and giant in physical layout. Board of Directors, Cadence Design

512 views • 15 slides
The ISPD 2006 Placement Contest and Benchmark Suite Gi-Joon Nam, Charles J. Alpert, Paul G.

The ISPD 2006 Placement Contest and Benchmark Suite Gi-Joon Nam, Charles J. Alpert, Paul G.

The ISPD 2006 Placement Contest and Benchmark Suite Gi-Joon Nam, Charles J. Alpert, Paul G. Villarrubia IBM Corp. 1 Summary of ISPD 2005 Placement Contest 9 academic placement tools participated Good coverage of placement tools

591 views • 23 slides
HHS Advanced Placement / Dual Credit Information Night Why Take Advanced Placement or Dual

HHS Advanced Placement / Dual Credit Information Night Why Take Advanced Placement or Dual

HHS Advanced Placement / Dual Credit Information Night Why Take Advanced Placement or Dual Credit? Jump start on earning college credit. Huge savings versus what a student (parent) will pay once they graduate HHS. Helps prepare students

630 views • 26 slides
A Study on Smart Card Security A Study on Smart Card Security Evaluation Criteria for Evaluation

A Study on Smart Card Security A Study on Smart Card Security Evaluation Criteria for Evaluation

[ICCSA 2004] 2004] [ICCSA A Study on Smart Card Security A Study on Smart Card Security Evaluation Criteria for Evaluation Criteria for Side Channel Attacks Side Channel Attacks Presented at the workshop ICCSA ICCSA 200 2004 4, ,

404 views • 26 slides
TV1-SF-SET Australia Opportunity Overview May 2013 [PRELIMINARY DRAFT] Executive Summary Sony

TV1-SF-SET Australia Opportunity Overview May 2013 [PRELIMINARY DRAFT] Executive Summary Sony

TV1-SF-SET Australia Opportunity Overview May 2013 [PRELIMINARY DRAFT] Executive Summary Sony Pictures Television (SPT) is seeking approval to take over the assets and liabilities of the TV1 and Sci-Fi (SF) partnership and utilize the

409 views • 12 slides
Presenter: Charles Kamhoua, Ph.D. Air Force Research Laboratory Cyber Assurance Branch April 2,

Presenter: Charles Kamhoua, Ph.D. Air Force Research Laboratory Cyber Assurance Branch April 2,

Game Theoretic Modeling of Security and Interdependency in a Public Cloud Presenter: Charles Kamhoua, Ph.D. Air Force Research Laboratory Cyber Assurance Branch April 2, 2014 Collaborators: Kevin Kwiat (AFRL/RIGA) Joon S. Park (Syracuse

589 views • 22 slides
WTS 2015 Papers Presented Friday, April 17, 2015 Friday, April 17 Holiday Inn Midtown 57 th Street

WTS 2015 Papers Presented Friday, April 17, 2015 Friday, April 17 Holiday Inn Midtown 57 th Street

WTS 2015 Papers Presented Friday, April 17, 2015 Friday, April 17 Holiday Inn Midtown 57 th Street Paper Presentation Session (I - A) Wireless Modeling, Algorithms and Simulations I Chair: Jan Holub. Czech Technical University Symbol Request

77 views • 7 slides
#GTSHAWAII 1 2019 Market Outlook & Activities: Europe Amanda Hills Niamh Walsh President

#GTSHAWAII 1 2019 Market Outlook & Activities: Europe Amanda Hills Niamh Walsh President

#GTSHAWAII 1 2019 Market Outlook & Activities: Europe Amanda Hills Niamh Walsh President Sales & Marketing Director Hawaii Tourism Europe Hawaii Tourism Europe amandah@hillsbalfour.com niamhw@hillsbalfour.com #GTSHAWAII

692 views • 41 slides
Sovereign SCA Based Sovereign SCA Based Waveform Development Waveform Development p Mark

Sovereign SCA Based Sovereign SCA Based Waveform Development Waveform Development p Mark

Military Tactical Communications Military Tactical Communications Practical Experience and Practical Experience and Guidance for Guidance for Sovereign SCA Based Sovereign SCA Based Waveform Development Waveform Development p Mark Turner

680 views • 30 slides
Logical Form and Quantifier Raising What is Logical Form In the late 1970s, Noam Chomsky and

Logical Form and Quantifier Raising What is Logical Form In the late 1970s, Noam Chomsky and

Referat: Robert May (1977) The Syntax-Semantics Interface WS 07/08, Uni Potsdam Logical Form and Quantifier Raising What is Logical Form In the late 1970s, Noam Chomsky and Robert May developed a new, third level of syntactic representation,

184 views • 4 slides
Digital Signatures for e-Government Challenges a Long-Term Security Architecture Mediated

Digital Signatures for e-Government Challenges a Long-Term Security Architecture Mediated

Signatures for e-Government Ba skiewicz, Kubiak, Kutyowski Digital Signatures for e-Government Challenges a Long-Term Security Architecture Mediated RSA Floating exponents Strong mRSA Przemysaw Ba skiewicz, Przemysaw

580 views • 20 slides

More recommend