Summer In the Cloud Christina Delimitrou 1 and Christos Kozyrakis 2 1 - - PowerPoint PPT Presentation

summer in the cloud
SMART_READER_LITE
LIVE PREVIEW

Summer In the Cloud Christina Delimitrou 1 and Christos Kozyrakis 2 1 - - PowerPoint PPT Presentation

Dec 29, 2022 170 likes •478 views

Bolt: I Know What You Did Last Summer In the Cloud Christina Delimitrou 1 and Christos Kozyrakis 2 1 Cornell University, 2 Stanford University ASPLOS April 12 th 2017 Executive Summary Problem: cloud resource sharing hides security

slide-1
SLIDE 1

Christina Delimitrou1 and Christos Kozyrakis2

1Cornell University, 2Stanford University

ASPLOS – April 12th 2017

Bolt: I Know What You Did Last Summer… In the Cloud

slide-2
SLIDE 2

2

 Problem: cloud resource sharing hides security vulnerabilities

 Interference from co-scheduled apps  leaks app characteristics  Enables severe performance attacks

 Bolt: adversarial runtime in public clouds

 Transparent app detection (5-10sec)  Leverages practical machine learning techniques  DoS  140x increase in latency  User study: 88% correctly identified applications  Resource partitioning is helpful but insufficient

Executive Summary

slide-3
SLIDE 3

3

Motivation

App1 App2

slide-4
SLIDE 4

4

Motivation

App1 App2

containers

slide-5
SLIDE 5

5

Motivation

App1 App2

containers memory capacity

slide-6
SLIDE 6

6

Motivation

App1 App2

containers memory capacity storage capacity/bw

slide-7
SLIDE 7

7

Motivation

App1 App2

containers memory capacity storage capacity/bw network bw

slide-8
SLIDE 8

8

Motivation

App1 App2

containers memory capacity storage capacity/bw network bw LL cache

slide-9
SLIDE 9

9

Motivation

App1 App2

containers memory capacity storage capacity/bw network bw LL cache power

slide-10
SLIDE 10

10

Motivation

App1 App2

containers memory capacity storage capacity/bw network bw LL cache power

Not all isolation techniques available Not all used/configured correctly Not all scale well Mem bw/core resources not isolated

slide-11
SLIDE 11

11

Bolt

 Key idea: Leverage lack of isolation in public clouds to

infer application characteristics

 Programming framework, algorithm, load characteristics  Exploit: enable practical, effective, and hard-to-detect

performance attacks

 DoS, RFA, VM pinpointing  Use app characteristics (sensitive resource) against it  Avoid CPU saturation  hard to detect

slide-12
SLIDE 12

12

Threat Model

 Impartial, neutral cloud provider  Active adversary but no control over VM placement

Adversary Victim

Cloud provider

slide-13
SLIDE 13

13

Bolt

Adversary Victim

Contention injection

1

App inference

3

Interference Impact measurement

2

slide-14
SLIDE 14

14

Bolt

Adversary Victim

Contention injection

1

Interference Impact measurement

2

App inference

3

Custom contention kernel

4

Performance attack

5

slide-15
SLIDE 15

15

  • 1. Contention Measurement

Adversary Victim

Contention injection 1 Interference impact measurement 2

 Set of contentious kernels (iBench)

 Compute  L1/L2/L3  Memory bw  Storage bw  Network bw  (Memory/Storage capacity)

 Sample 2-3 kernels, run in

adversarial VM

 Measure impact on performance of

kernels vs. isolation

slide-16
SLIDE 16

16

  • 2. Practical App Inference

Adversary Victim

 Infer resource pressure in non-

profiled resources

 Sparse  dense information  SGD (Collaborative filtering)  Classify unknown victim based

  • n previously-seen

applications

 Label & determine resource

sensitivity

 Content-based recommendation

Practical app inference 3

Hybrid recommender

slide-17
SLIDE 17

17

Big Data to the Rescue

1.

Infer pressure in non-profiled resources

Reconstruct sparse information

Stochastic Gradient Descent (SGD), O(mpk)

Bolt

Contention injection

uBench uBench

Data

App App

SVD+SGD

App App

Interference profile

r1 r2 r3 … rN a11 0 … a1N a22 0 … 0 … … … … … aM1 0 aM3 … 0 r1 r2 r3 … rN a11 a12 a13 … a1N a21 a22 a23 … a2N … … … … … aM1 aM2 aM3 … aMN

slide-18
SLIDE 18

18

Big Data to the Rescue

2.

Classify and label victims

Weighted Pearson Correlation Coefficients

Output: distribution of similarity scores to app classes

Bolt

Data

App App

Pearson Corr Coeff

App App

App label & characteristics

r1 r2 r3 … rN a11 a12 a13 … a1N a21 a22 a23 … a2N … … … … … aM1 aM2 aM3 … aMN

Hadoop SVM: 65% Spark ALS: 21% memcached: 11% …

slide-19
SLIDE 19

19

Inference Accuracy

 40 machine cluster (420 cores)  Training apps: 120 jobs (analytics, databases, webservers, in-

memory caching, scientific, js)  high coverage of resource space

 Testing apps: 108 latency-critical webapps, analytics  No overlap in algorithms/datasets between training and testing sets

Application class Detection accuracy (%) In-memory caching (memcached) 80% Persistent databases (Cassandra, MongoDB) 89% Hadoop jobs 92% Spark jobs 86% Webservers 91% Aggregate 89%

slide-20
SLIDE 20

20

  • 3. Practical Performance Attacks

1.

Determine the resource bottleneck of the victim

2.

Create custom contentious kernel that targets critical resource(s)

3.

Inject kernel in Bolt

 Several performance attacks

(DoS, RFAs, VM pinpointing)

 Target specific, critical resource

 low CPU pressure

Adversary Victim

Custom kernel injection

4

slide-21
SLIDE 21

21

  • 3. Practical DoS Attacks

 Launched against same 108 applications as before  On average 2.2x higher execution time and up to 9.8x  For interactive services, on average 42x increase in tail latency

and up to 140x

 Bolt does not saturate CPU  Naïve attacker gets migrated

slide-22
SLIDE 22

22

Demo

slide-23
SLIDE 23

23

User Study

 20 independent users from Stanford and Cornell  Cluster

 200 EC2 servers, c3.8xlarge (32vCPUs, 60GB memory)

 Rules:

 4vCPUs per machine for Bolt  All users have equal priority  Users use thread pinning  Users can select specific instances  Training set: 120 apps incl. analytics, webapps, scientific, etc.

slide-24
SLIDE 24

24

Accuracy of App Labeling

53 app classes (analytics, webapps, FS/OS, HLS/sim,

  • ther…)
slide-25
SLIDE 25

25

Accuracy of App Characterization

Performance attack results in the paper

slide-26
SLIDE 26

26

The Value of Isolation

 Need more scalable, fine-grain, and complete isolation

techniques 45% 14%

slide-27
SLIDE 27

27

 Bolt: highlight the security vulnerabilities from lack of isolation  Fast detection using online data mining techniques  Practical, hard-to-detect performance attacks  Current isolation helpful but insufficient

 In the paper:  Sensitivity to Bolt parameters  Sensitivity to applications and platform parameters  User study details  More performance attacks (resource freeing, VM pinpointing)

Conclusions

slide-28
SLIDE 28

28

 Bolt: highlight the security vulnerabilities from lack of isolation  Fast detection using online data mining techniques  Practical, hard-to-detect performance attacks  Current isolation helpful but insufficient

 In the paper:  Sensitivity to Bolt parameters  Sensitivity to applications and platform parameters  User study details  More performance attacks (resource freeing, VM pinpointing)

Questions?

slide-29
SLIDE 29

29

Evolving Applications

 Cloud applications change behavior  Users use the same cloud resources for several apps over time  Bolt periodically wakes up, checks if app profile has changed; if

so, reprofile & reclassify

slide-30
SLIDE 30

30

Inference Within a Framework

 Within a framework, dataset and choice of algorithm affect

resource requirements

 Bolt matches a new unknown application to apps in a

framework by distinguishing their resource needs