summer in the cloud
play

Summer In the Cloud Christina Delimitrou 1 and Christos Kozyrakis 2 1 - PowerPoint PPT Presentation

Dec 29, 2022 •170 likes •475 views

Bolt: I Know What You Did Last Summer In the Cloud Christina Delimitrou 1 and Christos Kozyrakis 2 1 Cornell University, 2 Stanford University ASPLOS April 12 th 2017 Executive Summary Problem: cloud resource sharing hides security

  1. Bolt: I Know What You Did Last Summer… In the Cloud Christina Delimitrou 1 and Christos Kozyrakis 2 1 Cornell University, 2 Stanford University ASPLOS – April 12 th 2017

  2. Executive Summary  Problem: cloud resource sharing hides security vulnerabilities  Interference from co-scheduled apps  leaks app characteristics  Enables severe performance attacks  Bolt: adversarial runtime in public clouds  Transparent app detection (5-10sec)  Leverages practical machine learning techniques  DoS  140x increase in latency  User study: 88% correctly identified applications  Resource partitioning is helpful but insufficient 2

  3. Motivation App1 App2 3

  4. Motivation App1 App2 containers 4

  5. Motivation App1 App2 containers memory capacity 5

  6. Motivation App1 App2 containers memory capacity storage capacity/bw 6

  7. Motivation App1 App2 containers memory capacity storage network bw capacity/bw 7

  8. Motivation App1 App2 LL cache containers memory capacity storage network bw capacity/bw 8

  9. Motivation power App1 App2 LL cache containers memory capacity storage network bw capacity/bw 9

  10. Motivation power Not all isolation techniques available App1 App2 LL cache Not all used/configured correctly containers Not all scale well Mem bw/core resources not isolated memory capacity storage network bw capacity/bw 10

  11. Bolt  Key idea: Leverage lack of isolation in public clouds to infer application characteristics  Programming framework, algorithm, load characteristics  Exploit: enable practical, effective, and hard-to-detect performance attacks  DoS, RFA, VM pinpointing  Use app characteristics (sensitive resource) against it  Avoid CPU saturation  hard to detect 11

  12. Threat Model Cloud Adversary Victim provider  Impartial, neutral cloud provider  Active adversary but no control over VM placement 12

  13. Bolt App Contention 1 3 inference injection Adversary Victim 2 Interference Impact measurement 13

  14. Bolt App Contention 1 3 inference injection Custom 4 contention Adversary Victim kernel Performance attack 5 2 Interference Impact measurement 14

  15. 1. Contention Measurement  Set of contentious kernels (iBench) 1 Contention injection  Compute  L1/L2/L3 Adversary Victim  Memory bw 2 Interference  Storage bw impact  Network bw measurement  (Memory/Storage capacity)  Sample 2-3 kernels, run in adversarial VM  Measure impact on performance of kernels vs. isolation 15

  16. 2. Practical App Inference Practical app inference  Infer resource pressure in non- 3 profiled resources  Sparse  dense information Adversary Victim  SGD (Collaborative filtering)  Classify unknown victim based on previously-seen applications  Label & determine resource sensitivity  Content-based recommendation Hybrid recommender 16

  17. Big Data to the Rescue Infer pressure in non-profiled resources 1. Reconstruct sparse information  Stochastic Gradient Descent (SGD), O(mpk)  Contention injection Bolt uBench uBench Data Interference App App App profile App SVD+SGD r 1 r 2 r 3 … r N r 1 r 2 r 3 … r N a 11 0 0 … a 1N a 11 a 12 a 13 … a 1N 0 a 22 0 … 0 a 21 a 22 a 23 … a 2N … … … … … … … … … … 17 a M1 0 a M3 … 0 a M1 a M2 a M3 … a MN

  18. Big Data to the Rescue Classify and label victims 2. Weighted Pearson Correlation Coefficients  Output: distribution of similarity scores to app classes  Bolt Data App label & App App characteristics App App Pearson Corr Coeff r 1 r 2 r 3 … r N Hadoop SVM: 65% a 11 a 12 a 13 … a 1N Spark ALS: 21% a 21 a 22 a 23 … a 2N memcached: 11% … … … … … … a M1 a M2 a M3 … a MN 18

  19. Inference Accuracy  40 machine cluster (420 cores)  Training apps: 120 jobs (analytics, databases, webservers, in- memory caching, scientific, js)  high coverage of resource space  Testing apps: 108 latency-critical webapps, analytics  No overlap in algorithms/datasets between training and testing sets Application class Detection accuracy (%) In-memory caching (memcached) 80% Persistent databases (Cassandra, MongoDB) 89% Hadoop jobs 92% Spark jobs 86% Webservers 91% Aggregate 89% 19

  20. 3. Practical Performance Attacks Custom kernel 4 Determine the resource injection 1. bottleneck of the victim Create custom contentious 2. Adversary Victim kernel that targets critical resource(s) Inject kernel in Bolt 3.  Several performance attacks (DoS, RFAs, VM pinpointing)  Target specific, critical resource  low CPU pressure 20

  21. 3. Practical DoS Attacks  Launched against same 108 applications as before  On average 2.2x higher execution time and up to 9.8x  For interactive services, on average 42x increase in tail latency and up to 140x  Bolt does not saturate CPU  Naïve attacker gets migrated 21

  22. Demo 22

  23. User Study  20 independent users from Stanford and Cornell  Cluster  200 EC2 servers, c3.8xlarge (32vCPUs, 60GB memory)  Rules:  4vCPUs per machine for Bolt  All users have equal priority  Users use thread pinning  Users can select specific instances  Training set: 120 apps incl. analytics, webapps, scientific, etc. 23

  24. Accuracy of App Labeling 53 app classes (analytics, webapps, FS/OS, HLS/sim, other…) 24

  25. Accuracy of App Characterization Performance attack results in the paper 25

  26. The Value of Isolation 45% 14%  Need more scalable, fine-grain, and complete isolation techniques 26

  27. Conclusions  Bolt: highlight the security vulnerabilities from lack of isolation  Fast detection using online data mining techniques  Practical, hard-to-detect performance attacks  Current isolation helpful but insufficient  In the paper:  Sensitivity to Bolt parameters  Sensitivity to applications and platform parameters  User study details  More performance attacks (resource freeing, VM pinpointing) 27

  28. Questions?  Bolt: highlight the security vulnerabilities from lack of isolation  Fast detection using online data mining techniques  Practical, hard-to-detect performance attacks  Current isolation helpful but insufficient  In the paper:  Sensitivity to Bolt parameters  Sensitivity to applications and platform parameters  User study details  More performance attacks (resource freeing, VM pinpointing) 28

  29. Evolving Applications  Cloud applications change behavior  Users use the same cloud resources for several apps over time  Bolt periodically wakes up, checks if app profile has changed; if so, reprofile & reclassify 29

  30. Inference Within a Framework  Within a framework, dataset and choice of algorithm affect resource requirements  Bolt matches a new unknown application to apps in a framework by distinguishing their resource needs 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Program Update Summer/Early Fall 2017 W Summer/Early Fall

Program Update Summer/Early Fall 2017 W Summer/Early Fall

Cloud Transformation Program Executive Sponsor Roadshow Program Update Summer/Early Fall 2017 W Summer/Early Fall Cloud Program Update! Overview of of the UIT Cloud 1 Todays Agenda Transformation Program

603 views • 17 slides
Helix Nebula, the Science Cloud CloudCom SCC-Computing Summer Symposium on EU-China- North

Helix Nebula, the Science Cloud CloudCom SCC-Computing Summer Symposium on EU-China- North

Helix Nebula, the Science Cloud CloudCom SCC-Computing Summer Symposium on EU-China- North America Collaboration on HPC, Cloud and Big Data Stavanger, 20-21 June 2013 Maryline Lengert, ESA Why is Helix Nebula relevant for HPC? Started with

383 views • 22 slides
Flaring up of the Compact Cloud G2 during the Close Encounter with Sgr A* in 2013 Summer

Flaring up of the Compact Cloud G2 during the Close Encounter with Sgr A* in 2013 Summer

ALMA 2013/01/26-28 Flaring up of the Compact Cloud G2 during the Close Encounter with Sgr A* in 2013 Summer Takayuki Saitoh Tokyo Institute of Technology CollaboratorsJunichiro Makino(Titech),

493 views • 32 slides
I & E Future Cloud Summer School Bjorn Hovstadius Boris Nordenstrm I&E I & E

I & E Future Cloud Summer School Bjorn Hovstadius Boris Nordenstrm I&E I & E

I & E Future Cloud Summer School Bjorn Hovstadius Boris Nordenstrm I&E I & E People Bjrn Hovstadius Business development at SICS and EIT Digital Microsoft Entrepreneur started and mentored several companies

323 views • 10 slides
We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud

We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud

We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud Siegfried Rasthofer (TU Darmstadt / CASED) Eric Bodden (TU Darmstadt / Fraunhofer SIT) Carlos Castillo (Intel Security) Alex Hinchliffe (Intel

510 views • 39 slides
We know what you did this summer: Android Banking Trojan exposing its sins in the cloud

We know what you did this summer: Android Banking Trojan exposing its sins in the cloud

We know what you did this summer: Android Banking Trojan exposing its sins in the cloud Siegfried Rasthofer (TU Darmstadt / CASED) Eric Bodden (TU Darmstadt / Fraunhofer SIT) Carlos Castillo (Intel Security) Alex Hinchliffe (Intel Security)

626 views • 34 slides
EIT ICT Labs Summer School on Cloud and Big Data - The Mentimeter Case Johnny Warstrm, CEO

EIT ICT Labs Summer School on Cloud and Big Data - The Mentimeter Case Johnny Warstrm, CEO

EIT ICT Labs Summer School on Cloud and Big Data - The Mentimeter Case Johnny Warstrm, CEO & Co-founder Mentimeter - Awkward family photo Summary of Mentimeter Why we do it: We want to give everyone a chance to share their opinion How we

651 views • 7 slides
Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come from? Why Cloud? Cloud for small, medium, enterprise, and government Barriers to adoption Embracing Cloud Social Mobile Cloud

972 views • 45 slides
SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud Tour of the buzzwords, myths and realities Whats in store for me, the boss, the company, the industry? Your cloud, our cloud their

224 views • 19 slides
Apache Spark Tutorial Future Cloud Summer School Paco Nathan @pacoid 2015-08-06

Apache Spark Tutorial Future Cloud Summer School Paco Nathan @pacoid 2015-08-06

Apache Spark Tutorial Future Cloud Summer School Paco Nathan @pacoid 2015-08-06 http://cdn.liber118.com/workshop/fcss_spark.pdf Getting Started s e g a k c a P X h p a G r b l i L M k a r p S g n m i L a Q

1.74k views • 147 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

Cornell CS5412 Cloud Computing (Spring 2015) 1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper! The cloud business model is growing at an unparalleled pace without any limit in sight

632 views • 45 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper The cloud business model is growing at an unparalleled pace without any limit in sight In the future everything will be on the cloud

945 views • 65 slides
Spark Machine Learning Future Cloud Summer School Paco Nathan @pacoid 2015-08-08

Spark Machine Learning Future Cloud Summer School Paco Nathan @pacoid 2015-08-08

Spark Machine Learning Future Cloud Summer School Paco Nathan @pacoid 2015-08-08 http://cdn.liber118.com/workshop/fcss_ml.pdf ML Background ML: Background A Visual Guide to Machine Learning Stephanie Yee , Tony Chu

1.07k views • 80 slides
The Cloud Is Big! The Cloud Is Hot! IT industry Constitutes about 2% of total US energy

The Cloud Is Big! The Cloud Is Hot! IT industry Constitutes about 2% of total US energy

The Data Furnace: Heating Up with Cloud Computing Jie Liu , Michel Goraczko, Jiakang Lu Sean James, Christian Belady Kamin Whitehouse Microsoft University of Virginia The Cloud Is Big! The Cloud Is Hot! IT industry Constitutes about 2%

551 views • 16 slides
Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing Understanding: Distributed Application Design Resource Management Automation Virtualized Computing Environments High-performance Computing

1.02k views • 49 slides
Second XtreemOS Summer School Reisensburg Castle, University of Ulm 2 Acknowlegments

Second XtreemOS Summer School Reisensburg Castle, University of Ulm 2 Acknowlegments

XtremOS tutorial on security XtreemOS: Evolving from a Grid to a Cloud Computing System Christine Morin XtreemOS scientific coordinator INRIA Rennes-Bretagne Atlantique Second XtreemOS Summer School July 5, 2010 XtreemOS IP project is

652 views • 30 slides
Collaboration is Key Emma Dunbar, Head of Engagement, Innovation & Entrepreneurship

Collaboration is Key Emma Dunbar, Head of Engagement, Innovation & Entrepreneurship

Collaboration is Key Emma Dunbar, Head of Engagement, Innovation & Entrepreneurship Stakeholders @ Swansea Students & Colleges Students Investors Societies & Networks Student Santander Union Stakeholders Professional

263 views • 10 slides
Be The Spark to Success: Fostering Cultural Inclusion Through Positive Relationships Richland

Be The Spark to Success: Fostering Cultural Inclusion Through Positive Relationships Richland

Be The Spark to Success: Fostering Cultural Inclusion Through Positive Relationships Richland School District Two Inservice Training October 14, 2016 Presented by: Dr. Helen Grant, Chief Diversity and Multicultural Inclusion Officer Ms.

243 views • 22 slides
Spark Emilie Zermatten SNSF 24.05.2019 - 28 Research creates knowledge. Aims Fund

Spark Emilie Zermatten SNSF 24.05.2019 - 28 Research creates knowledge. Aims Fund

Spark Emilie Zermatten SNSF 24.05.2019 - 28 Research creates knowledge. Aims Fund rapid testing or development of new scientific ideas Projects with unconventional thinking, unique approach High originality , only basic (if

438 views • 9 slides
Validation for Distributed Systems with Apache Spark & Beam Melinda Seckington Now

Validation for Distributed Systems with Apache Spark & Beam Melinda Seckington Now

Validation for Distributed Systems with Apache Spark & Beam Melinda Seckington Now mostly works* Holden: My name is Holden Karau Prefered pronouns are she/her Developer Advocate at Google Apache Spark PMC,

956 views • 60 slides
Fourth Quarter and Full Year 2016 Investor Update Conference Call February 10, 2017 Safe Harbor

Fourth Quarter and Full Year 2016 Investor Update Conference Call February 10, 2017 Safe Harbor

Fourth Quarter and Full Year 2016 Investor Update Conference Call February 10, 2017 Safe Harbor Statement Forward-Looking Statements The information contained in this presentation includes certain estimates, projections and other

504 views • 32 slides
Tomorrows Railway and Climate Change Adapta7on (T1009) Presenta7on for Transport Day Break-out

Tomorrows Railway and Climate Change Adapta7on (T1009) Presenta7on for Transport Day Break-out

Tomorrows Railway and Climate Change Adapta7on (T1009) Presenta7on for Transport Day Break-out session: Transport and Adapta7on to Climate Change: Impacts, Policy, and Finance Sunday 6 th December 2015 Michael Woods, John Dora RSSB What is

232 views • 20 slides
Spatial Resolution Assessment from Real Image Data Ralf Reulke (Institute for Robotics and

Spatial Resolution Assessment from Real Image Data Ralf Reulke (Institute for Robotics and

Spatial Resolution Assessment from Real Image Data Ralf Reulke (Institute for Robotics and Mechatronics, DLR, Germany) Andreas Brunn, Horst Weichelt (RapidEye AG, Brandenburg/Havel, Germany) Institute for Robotics and Mechatronics Optical

901 views • 30 slides
Solar and Wind Resource Data for use in the Systems Advisor Model Anthony Lopez Senior

Solar and Wind Resource Data for use in the Systems Advisor Model Anthony Lopez Senior

Solar and Wind Resource Data for use in the Systems Advisor Model Anthony Lopez Senior Geospatial Data Scientist Introduction Focus is primarily on freely available, large spatiotemporal resource data for use in SAM This is not an

142 views • 10 slides

More recommend