Supporting Security Sensitive Tenants in a Bare-Metal Cloud

Bolted is a new architecture for bare-metal clouds that enables tenants to control tradeoffs between security, price, and performance. Security-sensitive tenants can minimize their trust in the public cloud provider and achieve similar levels of security and control that they can obtain in their own private data centers. At the same time, Bolted neither imposes overhead on tenants that are security insensitive nor compromises the flexibility or operational efficiency of the provider. Our prototype exploits a novel provisioning system and specialized firmware to enable elasticity similar to virtualized clouds. Experimentally we quantify the cost of different levels of security for a variety of workloads and demonstrate the value of giving control to the tenant.

[1]  David H. Bailey,et al.  The Nas Parallel Benchmarks , 1991, Int. J. High Perform. Comput. Appl..

[2]  Michael Hamburg,et al.  Meltdown , 2018, meltdownattack.com.

[3]  Virtual Bridged,et al.  IEEE Standards for Local and Metropolitan Area Networks: Specification for 802.3 Full Duplex Operation , 1997, IEEE Std 802.3x-1997 and IEEE Std 802.3y-1997 (Supplement to ISO/IEC 8802-3: 1996/ANSI/IEEE Std 802.3, 1996 Edition).

[4]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[5]  Helen J. Wang,et al.  SubVirt: implementing malware with virtual machines , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[6]  John Heasman Rootkits: Rootkit threats , 2006 .

[7]  Mike Hibler,et al.  Automatic Online Validation of Network Configuration in the Emulab Network Testbed , 2006, 2006 IEEE International Conference on Autonomic Computing.

[8]  Carlos Maltzahn,et al.  Ceph: a scalable, high-performance distributed file system , 2006, OSDI '06.

[9]  Aaron Weiss Trusted computing , 2006, NTWK.

[10]  J. Aaron Pendergrass,et al.  Linux kernel integrity measurement using contextual inspection , 2007, STC '07.

[11]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[12]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[13]  Ahmad-Reza Sadeghi,et al.  Trusted Computing , 2010, Handbook of Financial Cryptography and Security.

[14]  Scott Shenker,et al.  Spark: Cluster Computing with Working Sets , 2010, HotCloud.

[15]  T. Fujita tgt: Framework for Storage Target Drivers , 2010 .

[16]  Ruby B. Lee,et al.  Characterizing hypervisor vulnerabilities in cloud computing servers , 2013, Cloud Computing '13.

[17]  Xeno Kovah,et al.  BIOS chronomancy: fixing the core root of trust for measurement , 2013, CCS.

[18]  Ruby B. Lee,et al.  Cyber defenses for physical attacks and insider threats in cloud computing , 2014, AsiaCCS.

[19]  Xeno Kovah,et al.  SENTER Sandman: Using Intel TXT to Attack BIOSes , 2014 .

[20]  Larry Rudolph,et al.  Thunderstrike: EFI firmware bootkits for Apple MacBooks , 2015, SYSTOR.

[21]  Gernot Heiser,et al.  Last-Level Cache Side-Channel Attacks are Practical , 2015, 2015 IEEE Symposium on Security and Privacy.

[22]  Kazuhiko Kato,et al.  Improving Agility and Elasticity in Bare-metal Clouds , 2015, ASPLOS.

[23]  William W. Streilein,et al.  Timely Rerandomization for Mitigating Memory Disclosures , 2015, CCS.

[24]  Abhinav Srivastava,et al.  Hardening OpenStack Cloud Platforms against Compute Node Compromises , 2016, AsiaCCS.

[25]  Nabil Schear,et al.  Bootstrapping and maintaining trust in the cloud , 2016, ACSAC.

[26]  Robert Ricci,et al.  Precursors: Emulab , 2016, The GENI Book.

[27]  Erez Zadok,et al.  Filebench: A Flexible Framework for File System Benchmarking , 2016, login Usenix Mag..

[28]  Peter Desnoyers,et al.  HIL: Designing an Exokernel for the Data Center , 2016, SoCC.

[29]  Herbert Bos,et al.  Flip Feng Shui: Hammering a Needle in the Software Stack , 2016, USENIX Security Symposium.

[30]  Vincent Nicomette,et al.  Bypassing IOMMU Protection against I/O Attacks , 2016, 2016 Seventh Latin-American Symposium on Dependable Computing (LADC).

[31]  Kazuhiko Kato,et al.  BMCArmor: A Hardware Protection Scheme for Bare-Metal Clouds , 2017, 2017 IEEE International Conference on Cloud Computing Technology and Science (CloudCom).

[32]  Kashif Kifayat,et al.  Preventing and detecting cache side-channel attacks in cloud computing , 2017, ICC.

[33]  Mathias Payer,et al.  Control-Flow Integrity , 2017, ACM Comput. Surv..

[34]  Srikanth V. Krishnamurthy,et al.  Malicious co-residency on the cloud: Attacks and defense , 2017, IEEE INFOCOM 2017 - IEEE Conference on Computer Communications.

[35]  Ricardo Bianchini,et al.  Resource Central: Understanding and Predicting Workloads for Improved Resource Management in Large Cloud Platforms , 2017, SOSP.

[36]  Peter Desnoyers,et al.  M2: Malleable Metal as a Service , 2018, 2018 IEEE International Conference on Cloud Engineering (IC2E).

[37]  Peter Desnoyers,et al.  A Secure Cloud with Minimal Provider Trust , 2019, HotCloud.

[38]  Andrew R. Regenscheid Platform Firmware Resiliency Guidelines , 2018 .

[39]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[40]  Ran Canetti,et al.  On the Universally Composable Security of OpenStack , 2019, 2019 IEEE Cybersecurity Development (SecDev).

[41]  Mordechai Guri,et al.  PowerHammer: Exfiltrating Data From Air-Gapped Computers Through Power Lines , 2018, IEEE Transactions on Information Forensics and Security.