Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
An Overview of Issues and Recent Developments in Cloud Computing and Storage Security Kapitel lesen Erstes Kapitel lesen

2014 | OriginalPaper | Buchkapitel

Exploiting Timing Side Channel in Secure Cloud Scheduling

verfasst von : Sachin Kadloor, Negar Kiyavash

Erschienen in: High Performance Cloud Auditing and Applications

Verlag: Springer New York

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Traditionally, scheduling policies used in event schedulers have been designed to optimize performance based metrics such as throughput and delay while maintaining some notion of fairness. In multi-tenancy cloud environments, it is important to ensure privacy of the users because a scheduler creates a timing based side channel through which malicious users can learn about the service usage pattern of the others. In this chapter, we demonstrate the existence of a timing side channel in shared schedulers and discuss the design of secure scheduling policies. When a processor is shared by multiple users, the delays experienced by jobs from one user are a function of the arrival pattern of jobs from other users, and the scheduling policy of the server. Consequently, a scheduling system creates a timing side channel in which information about arrival pattern from one user is inadvertently leaked to another. In this work, this information leakage is studied for a two user scheduling system. We first introduce a measure of privacy and then demonstrate that no scheduler can provide maximum privacy without idling/taking vacations, and consequently no policy can simultaneously be delay and privacy optimal.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Diagnosing Vulnerability Patterns in Cloud Audit Logs
Nächstes Kapitel Federated Cloud Security Architecture for Secure and Agile Clouds
Literatur
1.
Agat, J.: Transforming out timing leaks. In: Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL’00, Boston, pp. 40–53. ACM, New York (2000). doi:10.1145/325694.325702
2.
Anantharam, V., Verdu, S.: Bits through queues. IEEE Trans. Inf. Theory 42(1), 4–18 (2006). doi:10.1109/18.481773CrossRef
3.
Askarov, A., Zhang, D., Myers, A.C.: Predictive black-box mitigation of timing channels. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS’10, Chicago, pp. 297–307. ACM, New York (2010). doi:10.1145/1866307.1866341
4.
Asmussen, S.: Applied Probability and Queues. Wiley, Hoboken (1989). doi:10.1002/asm.3150050208
5.
Bertsekas, D.P., Gallager, R.G.: Data Networks. Prentice-Hall, Englewood Cliffs (1987)
6.
Bissias, G.D., Liberatore, M., Jensen, D., Levine, B.N.: Privacy vulnerabilities in encrypted HTTP streams. In: Proceedings of the 5th International Conference on Privacy Enhancing Technologies, PET’05, Cavtat, pp. 1–11. Springer, Berlin/Heidelberg (2006). doi:10.1007/ 11767831_1
7.
Bortz, A.,Boneh, D.: Exposing private information by timing web applications. In: Proceedings of the 16th International Conference on World Wide Web, WWW’07, Banff, pp. 621–628. ACM, New York (2007). doi:10.1145/1242572.1242656
8.
Brumley, D., Boneh, D.: Remote timing attacks are practical. In: Proceedings of the 12th Conference on USENIX Security Symposium, SSYM’03, Washington, DC, pp. 1–1. USENIX Association, Berkeley (2003)
9.
Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: Proceedings of the 16th European Conference on Research in Computer Security, ESORICS’11, Leuven, pp. 355–371. Springer, Berlin/Heidelberg (2011)
10.
Cabuk, S., Brodley, C.E., Shields, C.: IP covert timing channels: design and detection. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS’04, Washington, DC, pp. 178–187. ACM, New York (2004). doi:10.1145/1030083.1030108
11.
Chaum, D.: Blind signatures for untraceable payments. In: Proceedings of the 1982 CRYPTO: Advances in Cryptology, CRYPTO’82, Santa Barbara, vol. 82, pp. 199–203. Plenum, New York (1983)
12.
Crosby, S.A., Wallach, D.S., Riedi, R.H.: Opportunities and limits of remote timing attacks. ACM Trans. Inf. Syst. Secur. 12(3), 17:1–17:29 (2009). doi:10.1145/1455526.1455530
13.
Csiszár, I., Korner, J.: Broadcast channels with confidential messages. IEEE Trans. Inf. Theory 24, 339–348 (1978)CrossRefMATH
14.
Evans, N.S., Dingledine, R., Grothoff, C.: A practical congestion attack on tor using long paths. In: Proceedings of the 18th Conference on USENIX Security Symposium, SSYM’09, Montreal, pp. 33–50. USENIX Association, Berkeley (2009)
15.
Felten, E.W., Schneider, M.A.: Timing attacks on web privacy. In: Proceedings of the 7th ACM Conference on Computer and Communications Security, CCS’00, Athens, pp. 25–32. ACM, New York (2000). doi:10.1145/352600.352606
16.
Froscher, J., Payne, C.: The Handbook for the Computer Security Certification of Trusted Systems. Naval Research Laboratory, Washington, DC (1992)
17.
Ghaderi, J., Srikant, R.: Towards a theory of anonymous networking. In: Proceedings of the 29th Conference on Information Communications, INFOCOM’10, San Diego, pp. 686–694. IEEE, Piscataway (2010)
18.
Giles, J., Hajek, B.: An information-theoretic and game-theoretic study of timing channels. IEEE Trans. Inf. Theory 48(9), 2455–2477 (2002). doi:10.1109/TIT.2002.801405MathSciNetCrossRefMATH
19.
Gong, X., Borisov, N., Kiyavash, N., Schear, N.: Website detection using remote traffic analysis. In: Proceedings of the 12th International Conference on Privacy Enhancing Technologies, PETS’12, Vigo, pp. 58–78. Springer, Berlin/Heidelberg (2012). doi:10.1007/ 978-3-642-31680-7_4
20.
Hu, W.M.: Reducing timing channels with fuzzy time. In: Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, pp. 8–20 (1991). doi:10.1109/RISP.1991.130768
21.
Hu, W.M.: Lattice scheduling and covert channels. In: Proceedings of the 1992 IEEE Symposium on Security and Privacy, SP’92, Oakland, pp. 52–61. IEEE Computer Society, Washington, DC (1992)
22.
Kadloor, S., Kiyavash, N., Venkitasubramaniam, P.: Mitigating timing based information leakage in shared schedulers. In: Proceedings of the 2012 IEEE INFOCOM, INFOCOM’12, Orlando, pp. 1044–1052 (2012). doi:10.1109/INFCOM.2012.6195460
23.
Kemmerer, R.A.: A practical approach to identifying storage and timing channels: twenty years later. In: Proceedings of the 18th Annual Computer Security Applications Conference, ACSAC’02, Los Alamitos, p. 109. IEEE Computer Society, Washington, DC (2002). doi:10.1109/CSAC.2002.1176284
24.
Kocher, P.C.: Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In: Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO’96, Santa Barbara, pp. 104–113. Springer, London (1996)
25.
Lam, S.: Delay analysis of a time division multiple access (TDMA) channel. IEEE Trans. Commun. 25(12), 1489–1494 (1977). doi:10.1109/TCOM.1977.1093784CrossRef
26.
Lampson, B.W.: A note on the confinement problem. Commun. ACM 16(10), 613–615 (1973). doi:10.1145/362375.362389CrossRef
27.
Liberatore, M., Levine, B.N.: Inferring the source of encrypted HTTP connections. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS’06, Alexandria, pp. 255–263. ACM, New York (2006). doi:10.1145/1180405.1180437
28.
Liu, Y., Ghosal, D., Armknecht, F., Sadeghi, A.R., Schulz, S., Katzenbeisser, S.: Hide and seek in time: robust covert timing channels. In: Proceedings of the 14th European Conference on Research in Computer Security, ESORICS’09, Saint-Malo, pp. 120–135. Springer, Berlin/Heidelberg (2009)
29.
30.
Millen, J.K.: Covert channel capacity. In: Proceedings of the 1987 IEEE Symposium on Security and Privacy, SP’87, Oakland, pp. 60–66 (1987)
31.
Moskowitz, I.S., Miller, A.R.: The channel capacity of a certain noisy timing channel. IEEE Trans. Inf. Theory 38(4), 1339–1344 (1992). doi:10.1109/18.144712CrossRefMATH
32.
Murdoch, S.J., Danezis, G.: Low-cost traffic analysis of tor. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, SP’05, Oakland, pp. 183–195. IEEE Computer Society, Washington, DC (2005). doi:10.1109/SP.2005.12
33.
Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Proceedings of the 2006 The Cryptographers’ Track at the RSA Conference on Topics in Cryptology, CT-RSA’06, San Jose, pp. 1–20. Springer, Berlin/Heidelberg (2006). doi:10.1007/11605805_1
34.
Padlipsky, M.A., Snow, D.W., Karger, P.A.: dtic.mil,ESD-TR-78-158: limitations of end-to-end encryption in secure computer networks. http://​goo.​gl/​ujLfa (1978)
35.
Page, D.: Theoretical use of cache memory as a cryptanalytic side-channel. Techincal Report CSTR-02-003, Department of Computer Science, University of Bristol (2002)
36.
Percival, C.: Cache missing for fun and profit. In: Proceedings of the 2005 BSDCan, BSDCan’05, Ottawa (2005)
37.
Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS’09, Chicago, pp. 199–212. ACM, New York (2009). doi:10.1145/1653662.1653687
38.
Rom, R., Sidi, M.: Multiple Access Protocols: Performance and Analysis. Springer, New York (1990)CrossRefMATH
39.
Saponas, T.S., Lester, J., Hartung, C., Agarwal, S., Kohno, T.: Devices that tell on you: privacy trends in consumer ubiquitous computing. In: Proceedings of the 16th USENIX Security Symposium, SS’07, Boston, pp. 5:1–5:16 (2007)
40.
Schinzel, S.: An efficient mitigation method for timing side channels on the web. In: Proceedings of the 2nd International Workshop on Constructive Side-Channel Analysis and Secure Design (2011)
41.
Shah, G., Molina, A., Blaze, M.: Keyboards and covert channels. In: Proceedings of the 15th USENIX Security Symposium, USENIX-SS’06, Vancouver. USENIX Association, Berkeley (2006)
42.
Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on SSH. In: Proceedings of the 10th Conference on USENIX Security Symposium, SSYM’01, Washington, DC, pp. 25–25. USENIX Association, Berkeley (2001)
43.
Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M.: Cryptanalysis of DES implemented on computers with cache. In: Proceedings of the 2003 Cryptographic Hardware and Embedded Systems Workshop, CHES’03, Cologne, pp. 62–76. Springer, Berlin/Heidelberg (2003)
44.
Venkitasubramaniam, P., Anantharam, V.: On the anonymity of chaum mixes. In: Proceedings of the 2008 IEEE International Symposium on Information Theory, Toronto (2008). doi:10.1109/ISIT.2008.4594929
45.
Wagner, A.B., Anantharam, V.: NATO/ASI Workshop on Network Security and Intrusion Detection: Information Theory of Covert Timing Channels (2005)
46.
Wang, Z., Lee, R.B.: Covert and side channels due to processor architecture. In: Proceedings of the 22nd Annual Computer Security Applications Conference, ACSAC ’06, Miami Beach, pp. 473–482. IEEE Computer Society, Washington, DC (2006). doi:10.1109/ACSAC.2006.20
47.
Wang, Y., Moulin, P.: Perfectly secure steganography: capacity, error exponents, and code constructions. IEEE Trans. Inf. Theory 54(6), 2706–2722 (2008). doi:10.1109/TIT.2008.921684MathSciNetCrossRef
48.
Wang, X., Reeves, D.S.: Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS’03, Washington, DC, pp. 20–29. ACM, New York (2003). doi:10.1145/948109.948115
49.
Wang, X., Chen, S., Jajodia, S.: Tracking anonymous peer-to-peer voip calls on the internet. In: Proceedings of the 12th ACM Conference on Computer and communications security, CCS’05, Alexandria, pp. 81–91. ACM, New York (2005). doi:10.1145/1102120.1102133
50.
Wray, J.C.: An analysis of covert timing channels. In: Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, Oakland, p. 2. IEEE Computer Society, Los Alamitos (1991). doi:10.1109/RISP.1991.130767
51.
Wright, C.V., Ballard, L., Coull, S.E., Monrose, F., Masson, G.M.: Spot me if you can: uncovering spoken phrases in encrypted voip conversations. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy, SP’08, Oakland, pp. 35–49. IEEE Computer Society, Washington, DC (2008). doi:10.1109/SP.2008.21
52.
53.
Zhang, D., Askarov, A., Myers, A.C.: Predictive mitigation of timing channels in interactive systems. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS’11, Chicago, pp. 563–574. ACM, New York (2011). doi:10.1145/2046707.2046772
54.
Zukerman, M., Neame, T., Addie, R.: Internet traffic modeling and future technology implications. In: Proceedings of the 22nd Annual Joint Conference of the IEEE Computer and Communications, INFOCOM’03, San Francisco, pp. 587–596 (2003). doi:10.1109/INFCOM.2003.1208709
Metadaten
Titel
Exploiting Timing Side Channel in Secure Cloud Scheduling
verfasst von
Sachin Kadloor
Negar Kiyavash
Copyright-Jahr
2014
Verlag
Springer New York
Buch
High Performance Cloud Auditing and Applications

Print ISBN: 978-1-4614-3295-1

Electronic ISBN: 978-1-4614-3296-8

Copyright-Jahr: 2014

DOI
https://doi.org/10.1007/978-1-4614-3296-8_6

Premium Partner

    Bildnachweise