Measuring the effectiveness of containerization to prevent power draining attacks

In the last years an increasing number of attacks targeting energy consumption in computing systems have been designed and deployed. In this paper we propose a methodology that can be used to limit the effect of all types of power attacks by using the isolation properties guaranteed by virtualization systems. We describe the idea underlying our approach and we present the power consumption measurements we have carried out to validate our approach.

[1]  Mauro Iacono,et al.  Evaluating the impact of eDoS attacks to cloud facilities , 2016, EAI Endorsed Trans. Security Safety.

[2]  Francesco Palmieri,et al.  Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures , 2014, The Journal of Supercomputing.

[3]  Thanh Bui,et al.  Analysis of Docker Security , 2015, ArXiv.

[4]  Ryan Shea,et al.  Power consumption of virtual machines with network transactions: Measurement and improvements , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[5]  Xiao Ma,et al.  eDoctor : Automatically Diagnosing Abnormal Battery Drain Issues on Smartphones , 2013 .

[6]  P. Menage Adding Generic Process Containers to the Linux Kernel , 2010 .

[7]  Alessio Merlo,et al.  On energy-based profiling of malware in Android , 2014, 2014 International Conference on High Performance Computing & Simulation (HPCS).

[8]  Eric W. Biederman,et al.  Multiple Instances of the Global Linux Namespaces , 2010 .

[9]  Lei Yang,et al.  Accurate online power estimation and automatic battery behavior based power model generation for smartphones , 2010, 2010 IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[10]  Alfredo De Santis,et al.  Multimedia-based battery drain attacks for Android devices , 2014, 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC).

[11]  N. Asokan,et al.  Security of OS-Level Virtualization Technologies , 2014, NordSec.

[12]  Luigi Catuogno,et al.  On the Evaluation of Security Properties of Containerized Systems , 2016, 2016 15th International Conference on Ubiquitous Computing and Communications and 2016 International Symposium on Cyberspace and Security (IUCC-CSS).

[13]  Luigi Catuogno,et al.  Flexible and robust Enterprise Right Management , 2016, 2016 IEEE Symposium on Computers and Communication (ISCC).

[14]  Laurent Lefèvre,et al.  Energy Consumption Side-Channel Attack at Virtual Machines in a Cloud , 2011, 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing.

[15]  Daniel F. Sterne,et al.  Practical Domain and Type Enforcement for UNIX , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[16]  Michael S. Hsiao,et al.  Denial-of-service attacks on battery-powered mobile computers , 2004, Second IEEE Annual Conference on Pervasive Computing and Communications, 2004. Proceedings of the.

[17]  Lawrie Brown,et al.  Computer Security: Principles and Practice , 2007 .

[18]  Gernot Heiser,et al.  An Analysis of Power Consumption in a Smartphone , 2010, USENIX Annual Technical Conference.

[19]  Piero A. Bonatti,et al.  Event-driven RBAC , 2015, J. Comput. Secur..

[20]  Stephen Smalley,et al.  Integrating Flexible Support for Security Policies into the Linux Operating System , 2001, USENIX Annual Technical Conference, FREENIX Track.