why some like it loud
play

Why Some Like It Loud: Timing Power Attacks in Multi-tenant Data - PowerPoint PPT Presentation

Dec 10, 2022 •130 likes •445 views

Why Some Like It Loud: Timing Power Attacks in Multi-tenant Data Centers Using an Acoustic Side Channel Mohammad A. Islam, Luting Yang, Kiran Ranganath, and Shaolei Ren Acknowledgement: This work was supported in part by NSF under grants

  1. Why Some Like It Loud: Timing Power Attacks in Multi-tenant Data Centers Using an Acoustic Side Channel Mohammad A. Islam, Luting Yang, Kiran Ranganath, and Shaolei Ren Acknowledgement: This work was supported in part by NSF under grants CNS-1551661 and ECCS-1610471.

  2. This talk is NOT about multi-tenant clouds; it’s about multi -tenant data centers! 2

  3. This talk is NOT about multi-tenant clouds; it’s about multi -tenant data centers! P D vs U UPS P D U Tenant = virtual machines Tenant = physical servers 2

  4. Multi- tenant data centers are everywhere… Apple houses 25% of its servers in multi- tenant data centers… 3

  5. Multi- tenant data centers are everywhere… Google, Amazon, MS, Fb… :7.8% Multi-tenant: Enterprise: 37% 53% Percentage of electricity usage by data center type (source: NRDC 2015) 3

  6. An overview of multi-tenant data center P D Utility U UPS ATS P D Generator U Managed by operator 4

  7. An overview of multi-tenant data center P D Utility U UPS ATS P D Generator U Managed by operator Managed by tenants 4

  8. An overview of multi-tenant data center P D Utility U UPS ATS Securing the cyberspace P D • DDoS attack, network intrusion, privacy Generator U protection, etc. [Mirkovic, Sigcomm’04][Zhang CCS’12][Moon CCS’15][Dong CCS’17]… Managed by operator Managed by tenants 4

  9. P D U UPS ATS P D U Generator 5

  10. How to attack the physical infrastructure? P D U UPS ATS P D U Generator 5

  11. How to attack the physical infrastructure? P D U UPS ATS P D U Generator Power Overload using Human intrusion server power Hacking control systems 5

  12. How to attack the physical infrastructure? P D U Our focus UPS ATS P D U Generator Power Overload using Human intrusion server power Hacking control systems 5

  13. P D U UPS ATS P D U Generator 6

  14. P D U UPS ATS P D U Generator 6

  15. Power attack: Well-timed power injection to overload the shared P data center capacity, subject to all applicable usage D U constraints set by the operator UPS ATS P Malicious D Tenant U Generator Malicious load 6

  16. Cost analysis More likely to have an outage during overloads (e.g., risk increases by ~280 times for a Tier-IV data center ) Million $/MW/year 25 20 15.6 15 8.7 10 3.5 5 0 Tier-II Tier-III Tier-IV Estimated cost based on 5% overloads and a data center of 1MW-10,00sqft 7

  17. Cost analysis More likely to have an outage during overloads (e.g., risk increases by ~280 times for a Tier-IV data center ) Million $/MW/year 25 Annual cost > $2 billion 20 15.6 (if only 10% of the U.S. data centers 15 are affected) 8.7 10 3.5 5 0 Tier-II Tier-III Tier-IV Estimated cost based on 5% overloads and a data center of 1MW-10,00sqft 7

  18. How to precisely time power attacks? 8

  19. How to precisely time power attacks? • Random attacks are unlikely to be successful, while constant full power is prohibited 8

  20. How to precisely time power attacks? • Random attacks are unlikely to be successful, while constant full power is prohibited • Coarse timing (e.g., based on “peak” hours) is ineffective 8

  21. Server power  Heat  Cold Airflow  Fan Speed  Noise Dell PowerEdge servers 9

  22. Server power  Heat  Cold Airflow  Fan Speed  Noise Dell PowerEdge servers 9

  23. Server power  Heat  Cold Airflow  Fan Speed  Noise Dell PowerEdge servers 9

  24. There are challenges…! 10

  25. Suppressing the loud AC noise Serves in a data center Serves noise 11

  26. Suppressing the loud AC noise Serves in a data center Serves noise A high-pass filter reveals the server noise pattern 11

  27. Unknown 𝑭 (𝑵×𝑳) 𝒀 (𝑶×𝑳) 𝑩 (𝑵×𝑶) 𝒁 (𝑵×𝑳) Interest Observation 12

  28. Unknown 𝑭 (𝑵×𝑳) 𝒀 (𝑶×𝑳) 𝑩 (𝑵×𝑶) 𝒁 (𝑵×𝑳) Interest Observation Solution: Blind source separation using non-negative matrix factorization (NMF) 12

  29. Experimental evaluation • Experimental settings • Run real workload traces in a university data center • True positive: % of attack opportunities detected • Precision: % of an attack being successful 13

  30. Experimental evaluation • Experimental settings • Run real workload traces in a university data center • True positive: % of attack opportunities detected • Precision: % of an attack being successful 13

  31. Physical co-residence and space sharing result in physical side channels Can be exploited to compromise data center physical security! Thanks! 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

C loud A pp P rofiler: T elco C loud A pplications T racing and M onitoring CTPD Project By:

C loud A pp P rofiler: T elco C loud A pplications T racing and M onitoring CTPD Project By:

C loud A pp P rofiler: T elco C loud A pplications T racing and M onitoring CTPD Project By: Sarra KHAZRI / / /Pr Mohamed CHERIET / Montreal, December 11, 2013 Outline Outline Outline Outline 2 Issue Objectives Review of

476 views • 22 slides
What is noise? Loud sounds if they are over 85 dB can be damaging. How do I know if I am

What is noise? Loud sounds if they are over 85 dB can be damaging. How do I know if I am

Protect Your Hearing! What is noise? Loud sounds if they are over 85 dB can be damaging. How do I know if I am listening to levels above 85dB? It is invisible, tasteless, odorless, and IGNORED as a form of pollution. Did you know?

444 views • 19 slides
Loud Voices in the China Field Loud Voices in the China Field A recent debate in Eurasian

Loud Voices in the China Field Loud Voices in the China Field A recent debate in Eurasian

Loud Voices in the China Field Loud Voices in the China Field A recent debate in Eurasian economic history Debate Debate Eurasian economic history has been dominated in the past several years by a sustained debate over the developmental

446 views • 44 slides
4/6/2020 Revelation 19 - 20 19 After this I heard what seemed to be the loud voice of a great

4/6/2020 Revelation 19 - 20 19 After this I heard what seemed to be the loud voice of a great

4/6/2020 Revelation 19 - 20 19 After this I heard what seemed to be the loud voice of a great multitude in heaven, saying, Hallelujah! Salvation and glory and power to our God, 2 for his judgments are true and just; he has judged the

233 views • 11 slides
3 3 years years Rev. 16:1, Then I heard a loud voice from the temple saying to

3 3 years years Rev. 16:1, Then I heard a loud voice from the temple saying to

The Seven Thunders Rev. 10:4 Sealed up and unwritten 3 3 years years Rev. 16:1, Then I heard a loud voice from the temple saying to the seven angels, Go and pour out the bowls of the wrath of God on the earth.

538 views • 12 slides
Architecting for the Clo loud @axelfontaine About Axel Fontaine Founder and CEO of Boxfuse

Architecting for the Clo loud @axelfontaine About Axel Fontaine Founder and CEO of Boxfuse

Architecting for the Clo loud @axelfontaine About Axel Fontaine Founder and CEO of Boxfuse Over 15 years industry experience Continuous Delivery expert Regular speaker at tech conferences JavaOne RockStar in 2014

1.17k views • 72 slides
I N C LOUD C OMPUTING Christina Delimitrou Stanford University Defense May 26 th

I N C LOUD C OMPUTING Christina Delimitrou Stanford University Defense May 26 th

I MPROVING R ESOURCE E FFICIENCY I N C LOUD C OMPUTING Christina Delimitrou Stanford University Defense May 26 th 2015 Resource efficiency is a first-order system constraint How efficiently do we utilize resources?

986 views • 81 slides
Championing participation & standards An increasingly loud voice... CBI First Steps : A new

Championing participation & standards An increasingly loud voice... CBI First Steps : A new

Championing participation & standards An increasingly loud voice... CBI First Steps : A new approach for schools (2013) Social Mobility and Child Poverty Commission (2014) DEMOS : Character Nation (2015) Education Endowment Foundation

365 views • 8 slides
Artificial In Intelligence& Clo loud technology in the library ry transformation

Artificial In Intelligence& Clo loud technology in the library ry transformation

Artificial In Intelligence& Clo loud technology in the library ry transformation Vice President Huawei Cloud Thailand Office AI I

1.23k views • 83 slides
Revelation 12:10 And I heard a loud voice in heaven, saying, Now the salvation and the power

Revelation 12:10 And I heard a loud voice in heaven, saying, Now the salvation and the power

Revelation 12:10 And I heard a loud voice in heaven, saying, Now the salvation and the power and the kingdom of our God and the authority of his Christ have come, for the accuser of our brothers has been thrown down, who accuses them day

453 views • 24 slides
Rev 18:2, And he cried mightily with a loud voice, saying, Babylon the great is fallen, is

Rev 18:2, And he cried mightily with a loud voice, saying, Babylon the great is fallen, is

Rev 18:2, And he cried mightily with a loud voice, saying, Babylon the great is fallen, is fallen, and has become a dwelling place of demons, a prison for every foul spirit, and a cage for every unclean and hated bird! The

971 views • 69 slides
O PTIMUS C LOUD : Heterogeneous Configuration Optimization for Distributed Databases in the Cloud

O PTIMUS C LOUD : Heterogeneous Configuration Optimization for Distributed Databases in the Cloud

O PTIMUS C LOUD : Heterogeneous Configuration Optimization for Distributed Databases in the Cloud Ashraf Mahgoub 1 , Alexander Medoff 1 , Rakesh Kumar 2 , Subrata Mitra 3 , Ana Klimovic 4 , Somali Chaterji 1 , Saurabh Bagchi 1 1: Purdue

634 views • 19 slides
GPU-B ASED D EEP L EARNING IN C LOUD AND E MBEDDED S YSTEMS F REDERICK S OO , CTO April 4, 2016

GPU-B ASED D EEP L EARNING IN C LOUD AND E MBEDDED S YSTEMS F REDERICK S OO , CTO April 4, 2016

GPU-B ASED D EEP L EARNING IN C LOUD AND E MBEDDED S YSTEMS F REDERICK S OO , CTO April 4, 2016 Confidential and Proprietary Nauto is launching a connected camera for professional drivers Drive more than most consumers Exposed to

320 views • 17 slides
Detection of radio quasi-periodic oscillations in the -ray-loud X-ray binary LS I +61 303

Detection of radio quasi-periodic oscillations in the -ray-loud X-ray binary LS I +61 303

Detection of radio quasi-periodic oscillations in the -ray-loud X-ray binary LS I +61 303 Fr ed eric Jaron Max-Planck-Institute for Radio Astronomy Institute of Geodesy and Geoinformation, University of Bonn Effelsberg Science

206 views • 20 slides
S TATISTICAL M ODELING OF S POT I NSTANCE P RICES IN P UBLIC C LOUD E NVIRONMENTS Bahman Javadi ,

S TATISTICAL M ODELING OF S POT I NSTANCE P RICES IN P UBLIC C LOUD E NVIRONMENTS Bahman Javadi ,

S TATISTICAL M ODELING OF S POT I NSTANCE P RICES IN P UBLIC C LOUD E NVIRONMENTS Bahman Javadi , Ruppa K. Thulasiram , and Rajkumar Buyya Cloud Computing and Distributed Systems (CLOUDS) Laboratory Department of Computer Science and Software

611 views • 23 slides
Approaches for Resilience Against Cascading Fail ilures in in Clo loud Datacenters Haoyu Wang,

Approaches for Resilience Against Cascading Fail ilures in in Clo loud Datacenters Haoyu Wang,

Approaches for Resilience Against Cascading Fail ilures in in Clo loud Datacenters Haoyu Wang, Haiying Shen and Zhuozhao Li Univ iversit ity of of Vir irginia 2018 IEE IEEE IC ICDCS, Vien ienna, Austr tria ia Pre resen ented ed by

526 views • 23 slides
SI425 : NLP Set 3 Language Models Fall 2017 : Chambers Language Modeling Which sentence is

SI425 : NLP Set 3 Language Models Fall 2017 : Chambers Language Modeling Which sentence is

SI425 : NLP Set 3 Language Models Fall 2017 : Chambers Language Modeling Which sentence is most likely (most probable)? I saw this dog running across the street. Saw dog this I running across street the. Why? You have a language model in

835 views • 30 slides
Pairwise alignment using HMMs - Ch.4 Durbin et al. Recall the Needleman-Wunsch algorithm for

Pairwise alignment using HMMs - Ch.4 Durbin et al. Recall the Needleman-Wunsch algorithm for

1 Pairwise alignment using HMMs - Ch.4 Durbin et al. Recall the Needleman-Wunsch algorithm for affine gap penalty: V M ( i 1 , j 1) V M ( i, j ) = s ( x i , y j ) + max V X ( i 1 , j 1) V Y ( i 1 , j

591 views • 22 slides
Classifying fake news using supervised learning with NLP Katharine Jarmul Founder, kjamistan

Classifying fake news using supervised learning with NLP Katharine Jarmul Founder, kjamistan

DataCamp Introduction to Natural Language Processing in Python INTRODUCTION TO NATURAL LANGUAGE PROCESSING IN PYTHON Classifying fake news using supervised learning with NLP Katharine Jarmul Founder, kjamistan DataCamp Introduction to

308 views • 20 slides
The Curious Robot: Learning Visual Representa6ons via Physical Interac6ons Lerrel Pinto, Dhiraj

The Curious Robot: Learning Visual Representa6ons via Physical Interac6ons Lerrel Pinto, Dhiraj

The Curious Robot: Learning Visual Representa6ons via Physical Interac6ons Lerrel Pinto, Dhiraj Gandhi, Yuanfeng Han, Yong-Lae Park, Abhinav Gupta ECCV 2016 Presenter: Ginevra Gaudioso R B Problem Learning visual representa-ons of objects

532 views • 21 slides
Vasco Carvalho Starting at 11.30AM ESCoE COVID-19 ECONOMIC MEASUREMENT WEBINARS Tracking the

Vasco Carvalho Starting at 11.30AM ESCoE COVID-19 ECONOMIC MEASUREMENT WEBINARS Tracking the

Tracking the Covid-19 crisis with high-resolution transaction data Vasco Carvalho Starting at 11.30AM ESCoE COVID-19 ECONOMIC MEASUREMENT WEBINARS Tracking the COVID-19 Crisis with High Resolution Transaction Data Vasco M. Carvalho 1 , Juan

636 views • 36 slides
Luxury sector 12m forward PE valuation vs. sales growth 26 14% 24 12% 22 10% 20 8% 18 6%

Luxury sector 12m forward PE valuation vs. sales growth 26 14% 24 12% 22 10% 20 8% 18 6%

Luxury sector 12m forward PE valuation vs. sales growth 26 14% 24 12% 22 10% 20 8% 18 6% 16 4% 14 2% 12 10 0% Jan 12 Apr 12 Jul 12 Oct 12 Jan 13 Apr 13 Jul 13 Oct 13 Jan 14 Apr 14 Jul 14 Oct 14 Jan 15 Apr 15 Jul 15

217 views • 4 slides
Allocation of Time and Consumption-Equivalent Welfare: A Case of South Korea IARIW-BOK Special

Allocation of Time and Consumption-Equivalent Welfare: A Case of South Korea IARIW-BOK Special

Allocation of Time and Consumption-Equivalent Welfare: A Case of South Korea IARIW-BOK Special Conference Ki Young Park Soohyon Kim (presenter) School of Economics Yonsei University April 27, 2017 Park and Kim April 27, 2017 1 / 39

538 views • 38 slides
Introduction First we will look at the current U.S. situation in household income,

Introduction First we will look at the current U.S. situation in household income,

Introduction First we will look at the current U.S. situation in household income, expenditure, saving, and borrowing. Here when we talk about savings we are using this term as the opposite of consumption. Whatever you dont consume is

425 views • 7 slides

More recommend