This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Limiting Cache-based Side-Channel inMulti-tenant Cloud using Dynamic Page Coloring
Jicheng Shi, Xiang Song, Haibo Chen, Binyu Zang
Parallel Processing Institute, Fudan University
{jcshi, xiangsong, hbchen, byzang}@fudan.edu.cn
Abstract
Multi-tenant cloud, which features utility-like computing resources to
tenants in a “pay-as-you-go” style, has been commercially popular for years.
As one of the sole purposes of such a cloud is maximizing resource usages
to increase its revenue, it usually uses virtualization to consolidate VMs
from different and even mutually-malicious tenants atop a powerful physical
machine. This, however, also enables a malicious tenant to steal security-
critical information such as crypto keys from victims, due to the shared
physical resources such as caches.In this paper, we show that stealing crypto keys in a virtualized cloud
may be a real threat by evaluating a cache-based side-channel attack against
an encryption process. To mitigate such attacks while not notably degrading
performance, we propose an approach that leverages dynamic cache coloring:
when an application is doing security-sensitive operations, the VMM is
notified to swap the associated data to a safe and isolated cache line.
This approach may eliminate cache-based side-channel for security-critical
operations, yet ensure efficient resource sharing during normal operations.
We demonstrate the applicability by illustrating a preliminary implementation
based on Xen and its performance overhead.
1. Introduction
Multi-tenant cloud, which usually leases computing re-
sources to tenants in the form of virtual machines (VMs), have
been adopted in various usage scenarios such as application
hosting, content delivering, e-commerce and web hosting [2].
The approach of consolidating resources using virtualization
allows the cloud infrastructure providers to achieve optimal
resource utilization while maintaining adequate isolation.
However, providing virtual isolation (i.e., VM) other than
physical isolation may also have some security implications.
For example, co-locating VMs on the same platform may lead
to implicit resource sharing (e.g., cache) among co-located
VMs, which introduces opportunities of security interference.
Previous researchers have demonstrated the applicability of
using various side-channel attacks to extract information such
as physical location and workload information [13].
Side-channel attack, which leverages low-bandwidth mes-
sage channels (e.g., timing, power, cache misses) in a system
to derive or leak security-sensitive information, has been
proven to be realistic threats to modern computer systems.
Among them, cache-based side-channel attacks have been
shown practical to steal cryptographic information within a
single operating system [4], [10], [12]. The main idea is that
cryptographic algorithms usually have data-dependent memory
access patterns, which can be revealed by observing and
analyzing the associated cache hit/miss statistics. Cache-basedattacks then can rely on certain statistics during the encryption
or decryption operations to extract the cryptographic key.
In this paper, we make the first illustration of the applicabil-
ity of mounting cache-based side-channel attacks among VMs
in multi-tenant cloud, by building a simple example of cross-
VM side-channel attacks through revealing the cache hit/miss
statistics [10]. The attack is done on an Intel i7 machine
with hyper-threading technology running the Xen VMM [3],
where the victim guest VM shares the same L1 cache with the
attacking VM. Our experiment shows that the attacking VM
can still extract the cryptography key information even in the
presence of much more interference than in a single OS.
One intuitive defense against cache-based side-channel at-
tacks across VMs is to provide strong cache isolation among
VMs such as applying static page coloring in virtual plat-
forms [7]. However, this approach will proportionally decrease
the available cache sets for use, thus may significantly degrade
the performance for not only the protected VM, but also other
VMs. Further, typical processor cores usually have limited
number of cache sets, which could limit the number of
runnable VMs within a shared cache when applying static page
coloring.
To enforce cache isolation while providing good perfor-
mance, we propose a non-intrusive, low-overhead dynamic
page coloring mechanism, named Chameleon, which provides
strict cache isolation only during security-critical operations.
A specific color (named secure color) is assigned to the secure
process so that strict cache isolation can be achieved through
dynamic page coloring. We provide a specific interface for
applications to notify the hypervisor the entering of a security-
critical section. During the security-critical section, the secure
color is only available for security-critical operations and not
usable by any other co-located VMs on the same hardware
platform.
We have implemented Chameleon based on Xen [3] with
750 lines of code changes. The prototype only requires several
lines of code changes to applications and no change to
guest OS core kernel to protect VMs from cache-based side-
channel attacks. Our preliminary performance evaluation using
a key-encryption process and Apache SSL mode shows that
Chameleon incurs negligible overhead when isolating only
security-critical operations, and still acceptable performance
overhead when isolating the entire application.
The rest of this paper is organized as follows. Section 2
describes the threat model and illustrates the applicability of
cache-based attacks using a simple experiment on a virtualized
http://aws.amazon.com/ec2/, 2011.[3] P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neuge-
bauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. InProceedings of the nineteenth ACM symposium on Operating systems
principles, page 177. ACM, 2003.[4] D. Bernstein. Cache-timing attacks on AES. 2005.[5] E. Brickell, G. Graunke, M. Neve, and J. Seifert. Software mitigations
to hedge AES against cache-based software side channel vulnerabilities.IACR ePrint Archive, Report, 52, 2006.
[6] S. Gueron and M. E. Kounavis. New processor instructions foraccelerating encryption and authentication algorithms. Intel Technology
Journal, 2009.[7] X. Jin, H. Chen, X. Wang, Z. Wang, X. Wen, Y. Luo, and X. Li. A
Simple Cache Partitioning Approach in a Virtualized Environment. InProc. IPDPS, 2009.
[8] J. Lin, Q. Lu, X. Ding, Z. Zhang, X. Zhang, and P. Sadayappan.Gaining insights into multicore cache partitioning: Bridging the gapbetween simulation and real systems. In the 14th Symposium on High-
[9] G. Neiger, A. Santoni, F. Leung, D. Rodgers, and R. Uhlig. Intelvirtualization technology: Hardware support for efficient processor vir-tualization. Intel Technology Journal, 10(3):167–177, 2006.
[10] D. Osvik, A. Shamir, and E. Tromer. Cache attacks and countermeasures:the case of aes. In RSA Conference Cryptographers Track(CT-RSA).Springer, 2006.
[11] Oswald E, Mangard S, Pramstaller N, Rijmen V. A side-channel analysisresistant description of the aes s-box. In Lecture notes in computer
science: FSE, 2005.[12] C. Percival. Cache missing for fun and profit. BSDCan 2005, 2005.[13] Ristenpart, Thomas and Tromer, Eran and Shacham, Hovav and Savage,
Stefan. Hey, you, get off of my cloud: exploring information leakage inthird-party compute clouds. In Proc. CCS, 2009.
[14] L. Soares, D. Tam, and M. Stumm. Reducing the harmful effects oflast-level cache polluters with an OS-level, software-only pollute buffer.In the 41st IEEE/ACM International Symposium on Microarchitecture,
2008. MICRO-41., pages 258–269. IEEE/ACM, 2008.[15] D. Tam, R. Azimi, L. Soares, and M. Stumm. Managing shared L2
caches on multicore systems in software. In Workshop on the Interaction
between Operating Systems and Computer Architecture. Citeseer, 2007.[16] G. Taylor, P. Davies, and M. Farmwald. The TLB slice low-cost