Time-Stealer: A Stealthy Threat for Virtualization Scheduler and Its Countermeasures

Third-party cloud computing, Amazon's Elastic Compute Cloud (EC2) for instance, provides Infrastructure as a Service (IaaS) by packing multiple customers' virtual machines (VMs) onto the same physical server with hardware virtualization. Xen is widely used for this purpose, and under the EC2 billing model VMs are charged by wall-clock time rather than by the resources they actually consume. Under this model, exploiting a scheduler vulnerability can give an attacker theft-of-service at other customers' expense. Recent research has shown that an attacker's VM can consume more than its fair share of CPU time on Amazon EC2 because the default Credit Scheduler of Xen 3.x accounted for CPU usage at a coarse resolution: usage was sampled on periodic ticks, so a VM that yields just before each tick is never charged for the time it ran. Although the Xen 4.x Credit Scheduler has been changed considerably to resist such stealing attacks, by analyzing its source code thoroughly we found an alternative attack, Time-Stealer, which under some circumstances can stealthily obtain up to 96.6% of the CPU cycles on the XenServer 6.0.2 platform. We propose benchmark-based detection methods together with a series of countermeasures, and experimental results demonstrate the effectiveness of these defenses.
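The abstract describes the accounting flaw behind the earlier EC2 attack only in one clause ("resolution was rather coarse") and does not describe Time-Stealer's own mechanism, so the following is an added simulation written for this page, not code from the paper or from Xen. It models tick-sampled accounting against exact accounting on one physical CPU shared by two vCPUs: a guest that runs for 9 ms, blocks for 1 ms and is re-run as soon as it wakes is never on the CPU when a tick lands, so it is billed nothing while using about 90% of the CPU, and its neighbour is billed for everything. The 10 ms tick, the 30 ms maximum run before rotation, the "most recently woken vCPU runs first" rule (a stand-in for the credit scheduler's BOOST priority) and the 5% detection tolerance are assumptions of this model; the detection function plays the role of the benchmark-based check the abstract mentions, comparing the CPU share a guest actually obtains with the share it was billed.

```python
"""Constructed model: tick-sampled CPU-time accounting versus exact accounting.

Two vCPUs share one physical CPU.  The sampled accountant bills a whole tick
to whichever vCPU is running at each tick boundary; the exact accountant
charges the elapsed time at every context switch.  The tick-dodging guest is
billed nothing under the sampled scheme despite consuming most of the CPU.
"""
from dataclasses import dataclass

TICK_US = 10_000    # assumed accounting tick (10 ms)
SLICE_US = 30_000   # assumed maximum run before the scheduler rotates (30 ms)


@dataclass
class Vcpu:
    name: str
    run_us: int = 0       # yielding guest: run this long, then block ...
    sleep_us: int = 0     # ... for this long; 0 means CPU-bound, never yields
    consumed_us: int = 0  # exact CPU time actually used
    charged_us: int = 0   # what tick-sampled accounting billed
    wake_at: int = 0      # next time this vCPU becomes runnable


def simulate(vcpus, total_us, tick_us=TICK_US, slice_us=SLICE_US):
    """Run the vCPUs on one CPU for total_us and fill in both accountings."""
    t, next_tick = 0, tick_us
    while t < total_us:
        runnable = [v for v in vcpus if v.wake_at <= t]
        if not runnable:                       # everyone blocked: CPU idles
            t = min(v.wake_at for v in vcpus)
            continue
        # Assumption: the most recently woken vCPU runs first (stand-in for
        # BOOST priority); among equals, the one that has consumed least.
        v = max(runnable, key=lambda x: (x.wake_at, -x.consumed_us))
        end = min(total_us, t + slice_us)
        if v.sleep_us:                          # yielding guest stops early
            end = min(end, t + v.run_us)
        for o in vcpus:                         # a wake-up preempts the runner
            if o is not v and t < o.wake_at < end:
                end = o.wake_at
        v.consumed_us += end - t                # exact accounting
        while next_tick <= end:                 # tick-sampled accounting
            v.charged_us += tick_us             # tick at 'end' bills the runner
            next_tick += tick_us
        if v.sleep_us and end == t + v.run_us:  # burst finished: block
            v.wake_at = end + v.sleep_us
        t = end
    return vcpus


def shares(vcpus, total_us):
    """Per vCPU: (share actually consumed, share billed by sampling)."""
    return {v.name: (v.consumed_us / total_us, v.charged_us / total_us)
            for v in vcpus}


def detect_tick_dodging(vcpus, total_us, tolerance=0.05):
    """Benchmark-style check: a guest whose obtained CPU share (what a
    throughput benchmark inside it would observe) exceeds its billed share by
    more than `tolerance` is taking time its neighbours are paying for."""
    return [v.name for v in vcpus
            if (v.consumed_us - v.charged_us) / total_us > tolerance]


def run_scenarios(total_us=1_000_000):
    """Honest pair of CPU-bound guests versus a tick-dodging thief."""
    honest = simulate([Vcpu("A"), Vcpu("B")], total_us)
    attack = simulate([Vcpu("thief", run_us=9_000, sleep_us=1_000),
                       Vcpu("victim")], total_us)
    return honest, attack


if __name__ == "__main__":
    honest, attack = run_scenarios()
    print("honest :", shares(honest, 1_000_000), detect_tick_dodging(honest, 1_000_000))
    print("attack :", shares(attack, 1_000_000), detect_tick_dodging(attack, 1_000_000))
```

The `consumed_us` counter is also the countermeasure in miniature: charging the elapsed time at every context switch instead of sampling at ticks makes the billed share equal to the obtained share, leaving nothing for a tick-dodger to exploit.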
