论文信息 - User-Level Side Channel Attack on Workflow System in Data-Center

User-Level Side Channel Attack on Workflow System in Data-Center

Though current workflow systems, known as the major task managing tool in data-center, use UNIX-based user/group authorization mechanisms to defend unauthorized operations, the information in workflow systems, such as DAG (Directed Acyclic Graph), could be easily exposed to any user-level malicious monitor. In this paper, we propose a type of side channel attack to data-center workflow information. By this attack, the DAG of workflow systems can be stolen through monitoring basic system characteristics, such as CPU utilization, memory accessing, disk I/O, etc, which can successfully circumvents UNIX privilege checking. Also, we present a software-diversity based measurecounter to mitigate the attack.

Meikang Qiu | Qiang Li | Yan Shen | Jihe Wang | Bing Guo

[1] Weihua Jiang,et al. A token authentication solution for hadoop based on kerberos pre-authentication , 2014, 2014 International Conference on Data Science and Advanced Analytics (DSAA).

[2] Miki Haseyama,et al. Audio signal segmentation and classification using fuzzy c-means clustering , 2006 .

[3] Markus Jakobsson,et al. Controlling data in the cloud: outsourcing computation without outsourcing control , 2009, CCSW '09.

[4] Lindsay I. Smith,et al. A tutorial on Principal Components Analysis , 2002 .

[5] Murat Kantarcioglu,et al. Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[6] David M. Eyers,et al. Information Flow Control for Secure Cloud Computing , 2014, IEEE Transactions on Network and Service Management.

[7] Gerardo Pelosi,et al. Protecting Access Confidentiality with Data Distribution and Swapping , 2014, 2014 IEEE Fourth International Conference on Big Data and Cloud Computing.

[8] M S Waterman,et al. Identification of common molecular subsequences. , 1981, Journal of molecular biology.

[9] Andreas Neumann,et al. Oozie: towards a scalable workflow management system for Hadoop , 2012, SWEET '12.

[10] Anil Somayaji,et al. Cloud Security : Attacks and Current Defenses , .

[11] Sanjay Ghemawat,et al. MapReduce: Simplified Data Processing on Large Clusters , 2004, OSDI.