Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration
|
|
- Diane Jennings
- 5 years ago
- Views:
Transcription
1 Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar Michael K. Reiter
2 Context: Infrastructure-as-a-Service Clouds Client API Cloud Controller Machine Machine Machine
3 Information Leakage via Co-Residency Co-Residency Cloud Controller Machine
4 Information Leakage via Co-Residency Co-Residency Cloud Controller Shared resources Machine Shared Resources
5 Information Leakage via Co-Residency Co-Residency Cloud Controller Shared resources Side Channels Machine Shared Resources
6 Information Leakage via Co-Residency Co-Residency Cloud Controller Shared resources Side Channels Machine Shared Resources Information Leakage
7 Limitations of Current Defenses 1. Requires significant/detailed upgrades OS OS e.g., Noise injection Hypervisor Hardware e.g., Deterministic execution e.g., New cache design 2. Attack-specific Proposed defense includes but not limited to: Y. Zhang et al., CCS2013; T. Kim et al., USENIXSec 2012; F. Liu and R. Lee, Micro 2014
8 Limitations of Current Defenses 1. Requires significant/detailed upgrades OS OS e.g., Noise injection Hypervisor Hardware e.g., Deterministic execution e.g., New cache design 2. Attack-specific What about future side-channel attacks? Proposed defense includes but not limited to: Y. Zhang et al., CCS2013; T. Kim et al., USENIXSec 2012; F. Liu and R. Lee, Micro 2014
9 Ideal Properties 1) General 2) Immediately deployable
10 Ideal Properties 1) General 2) Immediately deployable Single-tenancy?
11 Ideal Properties 1) General 2) Immediately deployable Single-tenancy?
12 Nomad Ideas 1) General 2) Immediately deployable
13 Nomad Ideas 1) General Tackle root-cause Minimize co-residency 2) Immediately deployable
14 Nomad Ideas 1) General Tackle root-cause Minimize co-residency 2) Immediately deployable Migration
15 Nomad Vision: Migration-as-a-Service Provider-assisted Cloud Controller Machine Machine Machine
16 Nomad Vision: Migration-as-a-Service Provider-assisted Cloud Controller Move s { } Machine Machine Machine
17 Nomad Vision: Migration-as-a-Service Opt-in Service Cloud Provider Service offering Opt-in? Clients Provider-assisted Cloud Controller Move s { } Machine Machine Machine
18 Nomad Practical Challenges Logic Characterize information leakage due to co-residency Cloud Controller Machine Machine Machine
19 Nomad Practical Challenges Logic Characterize information leakage due to co-residency Scalable Design e.g., can Amazon EC2 run this? Cloud Controller Machine Machine Machine
20 Nomad Practical Challenges Logic Characterize information leakage due to co-residency Cloud Controller Scalable Design e.g., can Amazon EC2 run this? Practical Impact (cloud) Minimal modifications? Machine Machine Machine
21 Nomad Practical Challenges Logic Characterize information leakage due to co-residency Cloud Controller Scalable Design e.g., can Amazon EC2 run this? Practical Impact (cloud) Minimal modifications? Machine Machine Machine Practical Impact (applications) 1) Advancement of migration techniques 2) Many cloud workloads with in-built resilience to migration
22 1. Idea General side-channel defense via migration Our Work
23 Our Work 1. Idea General side-channel defense via migration 2. Logic Characterize information leakage due to co-residency
24 Our Work 1. Idea General side-channel defense via migration 2. Logic Characterize information leakage due to co-residency 3. Scalable Design Scalable migration strategy that can handle large cloud deployments
25 Our Work 1. Idea General side-channel defense via migration 2. Logic Characterize information leakage due to co-residency 3. Scalable Design Scalable migration strategy that can handle large cloud deployments 4. Practical Impact Practical OpenStack implementation with minimal modifications
26 Our Work 1. Idea General side-channel defense via migration 2. Logic Characterize information leakage due to co-residency 3. Scalable Design Scalable migration strategy that can handle large cloud deployments 4. Practical Impact Practical OpenStack implementation with minimal modifications
27 Threat Model Objective: Extract secrets via co-residency Can use any kind of resource Can launch/terminate s at will s of a given client can collaborate
28 Threat Model Objective: Extract secrets via co-residency Can use any kind of resource Can launch/terminate s at will s of a given client can collaborate Cannot control placement No info. sharing across distinct clients
29 Threat Model Objective: Extract secrets via co-residency Can use any kind of resource Can launch/terminate s at will s of a given client can collaborate Cannot control placement No info. sharing across distinct clients? Provider Don t know which other clients are malicious
30 Information Leakage (InfoLeak) Model Clients InfoLeak?
31 Information Leakage (InfoLeak) Model Clients InfoLeak? Replicated? (R or NR) -level view B1 B2 R
32 Information Leakage (InfoLeak) Model Clients InfoLeak? Replicated? (R or NR) -level view B1 B1 B2 B2 R NR
33 Information Leakage (InfoLeak) Model Clients InfoLeak? Replicated? (R or NR) Collaborating? (C or NC) -level view B1 B1 B2 B2 R NR C R1 R2
34 Information Leakage (InfoLeak) Model Clients InfoLeak? Replicated? (R or NR) Collaborating? (C or NC) -level view B1 B1 B2 B2 R NR C NC R1 R1 R2 R2
35 Information Leakage (InfoLeak) Model NR Replicated? R NC Collaborating? C <NR,NC> Least InfoLeak <NR,C> <R,NC> Most InfoLeak <R,C>
36 Our Work 1. Idea General side-channel defense via migration 2. Logic Characterize information leakage due to co-residency 3. Scalable Design Scalable migration strategy that can handle large cloud deployments 4. Practical Impact Practical OpenStack implementation with minimal modifications
37 System Overview Cloud Controller Move s { } Machine Machine Machine
38 System Overview Cloud Provider Deployment model (e.g., <NR,NC>) Opt-in? Clients Cloud Controller Move s { } Machine Machine Machine
39 Operational Timeline 1 epoch = D time units Time (epoch) Sliding Window of epochs Run placement algorithm every epoch
40 Operational Timeline 1 epoch = D time units Time (epoch) Sliding Window of epochs Run placement algorithm every epoch Side-channel Parameters: K: Information leakage rate (i.e., bits per time unit) P: secret length (i.e., bits)
41 Operational Timeline 1 epoch = D time units Time (epoch) Sliding Window of epochs Run placement algorithm every epoch Extracted secret (bits) if two s are co-resident for epochs Provider chooses D and to AT LEAST satisfy: D * * K < P
42 Placement Algorithm Deployment Model (e.g.,<nr,nc>) Recent Placements Client Workloads & Constraints Placement Algorithm Placement
43 Placement Algorithm Deployment Model (e.g.,<nr,nc>) Recent Placements Client Workloads & Constraints Placement Algorithm Goal (per epoch): Minimize a global sum of a clientpair InfoLeak across past epochs i.e.,! InfoLeak * * -([t, t]) *,*7 subject to a fixed migration budget Placement
44 Placement Algorithm Deployment Model (e.g.,<nr,nc>) Recent Placements Client Workloads & Constraints F(Deployment Model) Placement Algorithm Goal (per epoch): Minimize a global sum of a clientpair InfoLeak across past epochs i.e.,! InfoLeak * * -([t, t]) *,*7 subject to a fixed migration budget Placement
45 Placement Algorithm Deployment Model (e.g.,<nr,nc>) Recent Placements Client Workloads & Constraints F(Deployment Model) Placement Algorithm Placement Goal (per epoch): Minimize a global sum of a clientpair InfoLeak across past epochs i.e.,! InfoLeak * * -([t, t]) *,*7 subject to a fixed migration budget F(Network Capacity)
46 Challenge: Scalability Inputs Should handle tens of thousands of servers Placement Algorithm Placement
47 Challenge: Scalability Inputs Should handle tens of thousands of servers Placement Algorithm ILP (Integer Linear Programming) For 40 machines, D > 1 day Placement
48 Challenge: Scalability Inputs Should handle tens of thousands of servers Placement Algorithm ILP (Integer Linear Programming) For 40 machines, D > 1 day Placement
49 Challenge: Scalability Inputs Should handle tens of thousands of servers Placement Algorithm ILP (Integer Linear Programming) For 40 machines, D > 1 day Basic Greedy For 400 machines, D > 1 day Placement
50 Challenge: Scalability Inputs Should handle tens of thousands of servers Placement Algorithm ILP (Integer Linear Programming) For 40 machines, D > 1 day Basic Greedy For 400 machines, D > 1 day Placement
51 Challenge: Scalability Inputs Should handle tens of thousands of servers Placement Algorithm Placement ILP (Integer Linear Programming) For 40 machines, D > 1 day Basic Greedy For 400 machines, D > 1 day Basic Greedy with our optimizations
52 Why is Basic Greedy not scalable? Generate Moves Compute Benefit (total reduction in infoleak) Pairwise Swap: 1-2 -> 2-1 N-way Swap: No Pick Best Move Make Move totalnummove > Budget Yes Exit
53 Why is Basic Greedy not scalable? Generate Moves Compute Benefit (total reduction in infoleak) Free Insert: 1 -> M1 Bottleneck #1: Pairwise Swap: 1-2 -> 2-1 Large Search Space N-way Swap: No Pick Best Move Make Move totalnummove > Budget Yes Exit
54 Why is Basic Greedy not scalable? No Generate Moves Compute Benefit (total reduction in infoleak) Pick Best Move Free Insert: 1 -> M1 Bottleneck #1: Pairwise Swap: 1-2 -> 2-1 Large Search Space N-way Swap: Bottleneck #2: Computing InfoLeak across all clients Make Move totalnummove > Budget Yes Exit
55 Why is Basic Greedy not scalable? Bottleneck #3: No Generate Moves Compute Benefit (total reduction in infoleak) Re-generating Pick Best Move move table after each move Make Move Free Insert: 1 -> M1 Bottleneck #1: Pairwise Swap: 1-2 -> 2-1 Large Search Space N-way Swap: Bottleneck #2: Computing InfoLeak across all clients totalnummove > Budget Yes Exit
56 Our Approach Bottlenecks Large Search Space Our Approach Prune Search Space Computing InfoLeak across all clients Incremental Benefit Computation Re-generating move table after each move Intra-Epoch Lazy Evaluation
57 Our Approach Bottlenecks Large Search Space Our Approach Prune Search Space Computing InfoLeak across all clients Incremental Benefit Computation Re-generating move table after each move Intra-Epoch Lazy Evaluation
58 Prune #1: Pruning Move Space Sets of all moves Insert 1 -> M1... Pairwise Swap 1-2 -> 2-1 N-way Swap.
59 Prune #1: Pruning Move Space Sets of all moves Insert 1 -> M1... Pairwise Swap 1-2 -> 2-1 N-way Swap. Nomad sets of all moves Free Insert 1 -> M1 Pairwise Swap 1-2 -> 2-1
60 Prune #2: Hierarchical Decomposition Sets of all free inserts Clients Machines M1 C1.. C1000 M2... M50000
61 Prune #2: Hierarchical Decomposition Sets of all free inserts Clients Machines M1 C1.. C1000 M2... M50000
62 Prune #2: Hierarchical Decomposition Sets of all free inserts Nomad sets of all free inserts Clients Machines M1 C1. C1000 Cluster1. Cluster25 C1.. C1000 M2... M50000
63 Prune #2: Hierarchical Decomposition Sets of all free inserts Nomad sets of all free inserts Clients Machines M1 C1. C1000 Cluster1. Cluster25 C1.. C1000 M2... M50000 C1 M1 M2.. M2000 Cluster1...
64 Our Work 1. Idea General side-channel defense via migration 2. Logic Characterize information leakage due to co-residency 3. Scalable Design Scalable migration strategy that can handle large cloud deployments 4. Practical Impact Practical OpenStack implementation with minimal modifications
65 System Implementation OpenStack v. Icehouse Clients in Cluster 1 Cloud Controller Clients in Cluster N Cluster 1 Placement Algorithm Cluster N Placement Algorithm Placements for Cluster 1 Placements for Cluster 1
66 System Implementation (One Cluster) Cluster 1 Placement Algorithm General Placement Computation OpenStack-specific Migration Engine Custom C++ ~2000 LOC OpenStack Icehouse: ~200 LOC in Controller Scheduler code Placement
67 System Implementation (One Cluster) Cluster 1 Placement Algorithm General Placement Computation OpenStack-specific Migration Engine Custom C++ ~2000 LOC OpenStack Icehouse: ~200 LOC in Controller Scheduler code Placement Requires minimal modifications to existing deployments
68 Key Evaluation Questions Information leakage resilience Scalability Impact on cloud applications Benefit/Cost of each design idea Resilience to strategic adversary
69 Information Leakage resilience <R,C>: Problem size of 20-machines Metric: InfoLeak * * -([t, t]) Nomad brings ~4.5x reduction in InfoLeak for 98 th percentile compared to static w.r.t. ILP.
70 Scalability Nomad placement algorithm is scalable to large deployments
71 Impact on cloud applications Replicated web-server (Wikibench) Each client : 3 replicated web servers, 1 worker In one epoch, at least 1 server migrates Norm. Throughput (Norm. T) = T B/D T B T B/D x 100 Overhead (Norm. T) ~0% for 95 th Norm T % for 50 th (median) Norm. T. 1.8% for 5 th Norm. T
72 Discussion Fast side-channel attacks Need out-of-band defense e.g., introduce cache noise, refresh secret Network Impact With techniques like incremental diffs, the transfer size is much less than base image Incentives for adoption Security-conscious clients opt-in Providers have new revenue streams More opportunities Fairness across clients
73 Conclusions Co-residency side-channel attacks: real/growing threats Current World : No Migration 1. Per-attack fixes 2. Require significant upgrades Nomad: Migration-as-a-Service 1. General solution 2. Needs minimal changes Nomad achieves: Information leakage resilience close to the ILP Scalable placement algorithm Practical system atop OpenStack with minimal modifications
Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration
Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar Michael K. Reiter Co-residency side-channel attacks in clouds Stealing secrets (e.g., keys) VM VM
More informationOracle Solaris 11: No-Compromise Virtualization
Oracle Solaris 11: No-Compromise Virtualization Oracle Solaris 11 is a complete, integrated, and open platform engineered for large-scale enterprise environments. Its built-in virtualization provides a
More informationDATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure
DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure AlienVault USM Anywhere accelerates and centralizes threat detection, incident response,
More informationMark Sandstrom ThroughPuter, Inc.
Hardware Implemented Scheduler, Placer, Inter-Task Communications and IO System Functions for Many Processors Dynamically Shared among Multiple Applications Mark Sandstrom ThroughPuter, Inc mark@throughputercom
More informationCLOUD MANAGEMENT AND SECURITY
CLOUD MANAGEMENT AND SECURITY Imad M. Abbadi University of Oxford, UK Wiley Contents About the Author Preface Acknowledgments Acronyms xi xiii xix xxi 1 Introduction 1 1.1 Overview 1 1.2 Cloud Definition
More informationPreventing Cryptographic Key Leakage in Cloud Virtual Machines
UT DALLAS Erik Jonsson School of Engineering & Computer Science Preventing Cryptographic Key Leakage in Cloud Virtual Machines Erman Pattuk Murat Kantarcioglu Zhiqiang Lin Huseyin Ulusoy Move to Cloud
More informationVblock Infrastructure Packages: Accelerating Deployment of the Private Cloud
Vblock Infrastructure Packages: Accelerating Deployment of the Private Cloud Roberto Missana - Channel Product Sales Specialist Data Center, Cisco 1 IT is undergoing a transformation Enterprise IT solutions
More informationMove, manage, and run SAP applications in the cloud. SAP-Certified Infrastructure from IBM Cloud
Move, manage, and run SAP applications in the cloud SAP-Certified Infrastructure from IBM Cloud 02 SAP Applications in the IBM Cloud Introduction The pace of business is skyrocketing. Data ingestion rates
More informationThe Google File System
The Google File System Sanjay Ghemawat, Howard Gobioff and Shun Tak Leung Google* Shivesh Kumar Sharma fl4164@wayne.edu Fall 2015 004395771 Overview Google file system is a scalable distributed file system
More informationJoe Butler, Principal Engineer, Director Cloud Services Lab. Nov , OpenStack Summit Paris.
Telemetry the foundation of intelligent cloud orchestration. Joe Butler, Principal Engineer, Director Cloud Services Lab. Nov 3 2014, OpenStack Summit Paris. http://sched.co/1xj2lm9 Datacenter Trends and
More information5 Steps to Government IT Modernization
5 Steps to Government IT Modernization 1 WHY MODERNIZE? IT modernization is intimidating, but it s necessary. What are the advantages of modernization? Enhance citizen experience and service delivery Lower
More informationMIGRATING SAP WORKLOADS TO AWS CLOUD
MIGRATING SAP WORKLOADS TO AWS CLOUD Cloud is an increasingly credible and powerful infrastructure alternative for critical business applications. It s a great way to avoid capital expenses and maintenance
More informationSichere Applikations- dienste
Sichere Applikations- dienste Innovate, Expand, Deliver Manny Rivelo Für SaaS und traditionelle Service-Modelle EVP, Strategic Solutions Carsten Langerbein Field Systems Engineer c.langerbein@f5.com Es
More informationENTERPRISE-GRADE MANAGEMENT FOR OPENSTACK WITH RED HAT CLOUDFORMS
TECHNOLOGY DETAIL ENTERPRISE-GRADE MANAGEMENT FOR OPENSTACK WITH RED HAT CLOUDFORMS ABSTRACT Enterprises engaged in deploying, managing, and scaling out Red Hat Enterprise Linux OpenStack Platform have
More informationBuilding High Performance Apps using NoSQL. Swami Sivasubramanian General Manager, AWS NoSQL
Building High Performance Apps using NoSQL Swami Sivasubramanian General Manager, AWS NoSQL Building high performance apps There is a lot to building high performance apps Scalability Performance at high
More informationTo Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets. Xiaowei Yang Duke Unversity
To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets Xiaowei Yang Duke Unversity Denial of Service (DoS) flooding attacks Send packet floods to a targeted victim Exhaust
More informationNaaS Network-as-a-Service in the Cloud
NaaS Network-as-a-Service in the Cloud joint work with Matteo Migliavacca, Peter Pietzuch, and Alexander L. Wolf costa@imperial.ac.uk Motivation Mismatch between app. abstractions & network How the programmers
More informationREFERENCE ARCHITECTURE Quantum StorNext and Cloudian HyperStore
REFERENCE ARCHITECTURE Quantum StorNext and Cloudian HyperStore CLOUDIAN + QUANTUM REFERENCE ARCHITECTURE 1 Table of Contents Introduction to Quantum StorNext 3 Introduction to Cloudian HyperStore 3 Audience
More informationCLOUD COMPUTING IT0530. G.JEYA BHARATHI Asst.Prof.(O.G) Department of IT SRM University
CLOUD COMPUTING IT0530 G.JEYA BHARATHI Asst.Prof.(O.G) Department of IT SRM University What is virtualization? Virtualization is way to run multiple operating systems and user applications on the same
More informationLocality Aware Fair Scheduling for Hammr
Locality Aware Fair Scheduling for Hammr Li Jin January 12, 2012 Abstract Hammr is a distributed execution engine for data parallel applications modeled after Dryad. In this report, we present a locality
More informationDistributed Filesystem
Distributed Filesystem 1 How do we get data to the workers? NAS Compute Nodes SAN 2 Distributing Code! Don t move data to workers move workers to the data! - Store data on the local disks of nodes in the
More informationEnabling Efficient and Scalable Zero-Trust Security
WHITE PAPER Enabling Efficient and Scalable Zero-Trust Security FOR CLOUD DATA CENTERS WITH AGILIO SMARTNICS THE NEED FOR ZERO-TRUST SECURITY The rapid evolution of cloud-based data centers to support
More informationCloud Performance Simulations
Peter Altevogt (IBM Systems Group Boeblingen) Cloud Performance Simulations 04.09.2015 2015 IBM Corporation Contents: Cloud Performance & Scalabilty Cloud Performance Simulations The IBM Performance Simulation
More informationIBM ProtecTIER and Netbackup OpenStorage (OST)
IBM ProtecTIER and Netbackup OpenStorage (OST) Samuel Krikler Program Director, ProtecTIER Development SS B11 1 The pressures on backup administrators are growing More new data coming Backup takes longer
More informationThe Google File System
The Google File System By Ghemawat, Gobioff and Leung Outline Overview Assumption Design of GFS System Interactions Master Operations Fault Tolerance Measurements Overview GFS: Scalable distributed file
More informationDell EMC Hyper-Converged Infrastructure
Dell EMC Hyper-Converged Infrastructure New normal for the modern data center Nikolaos.Nikolaou@dell.com Sr. Systems Engineer Greece, Cyprus & Malta GLOBAL SPONSORS Traditional infrastructure and processes
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. reserved. Insert Information Protection Policy Classification from Slide 8
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material,
More informationWe make hybrid cloud deliver the business outcomes you require
We make hybrid cloud deliver the business outcomes you require Leverage the optimum venues for your applications and workloads and accelerate your transformation as a digital business The business outcomes
More informationEucalyptus Overview The most widely deployed on-premise cloud computing platform
Eucalyptus Overview The most widely deployed on-premise cloud computing platform Vision Value Proposition Solution Highlights Ecosystem Background We bring the power of cloud to your business The world
More informationTales of the Tail Hardware, OS, and Application-level Sources of Tail Latency
Tales of the Tail Hardware, OS, and Application-level Sources of Tail Latency Jialin Li, Naveen Kr. Sharma, Dan R. K. Ports and Steven D. Gribble February 2, 2015 1 Introduction What is Tail Latency? What
More informationNext-Generation Cloud Platform
Next-Generation Cloud Platform Jangwoo Kim Jun 24, 2013 E-mail: jangwoo@postech.ac.kr High Performance Computing Lab Department of Computer Science & Engineering Pohang University of Science and Technology
More informationImperva SecureSphere Appliances
Imperva SecureSphere Appliances DATASHEET Scalable. Reliable. Flexible. Imperva SecureSphere appliances provide superior and resiliency for demanding data center environments. With fail open interfaces,
More informationSystem-centric Solutions to
System-centric Solutions to Micro-architectural and System-level Side Channels Yinqian Zhang, Ph.D. The Ohio State University Micro-architectural and System-level Side Channels Micro-architectural side
More informationDeveloping Microsoft Azure Solutions
Course 20532C: Developing Microsoft Azure Solutions Course details Course Outline Module 1: OVERVIEW OF THE MICROSOFT AZURE PLATFORM This module reviews the services available in the Azure platform and
More informationRepair Pipelining for Erasure-Coded Storage
Repair Pipelining for Erasure-Coded Storage Runhui Li, Xiaolu Li, Patrick P. C. Lee, Qun Huang The Chinese University of Hong Kong USENIX ATC 2017 1 Introduction Fault tolerance for distributed storage
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 5th March 2015 Duration 2 Days Location Dublin Course Code SS15-13 Programme Overview Cloud Computing is gaining increasing attention
More informationMONITORING AND MANAGING NETWORK FLOWS IN VMWARE ENVIRONMENTS
WHITEPAPER MONITORING AND MANAGING NETWORK FLOWS IN VMWARE ENVIRONMENTS By Trevor Pott www.apcon.com onitoring and managing network flows is a critical part of a secure and efficient approach to IT. Unfortunately,
More informationMaximize the All-Flash Data Center with Brocade Gen 6 Fibre Channel
WHITE PAPER Maximize the All-Flash Data Center with Brocade Gen 6 Fibre Channel Introduction The flash and hybrid takeover of the data center storage market has quickly gained momentum. In fact, the adoption
More informationOPT: LIGHTWEIGHT SOURCE AUTHENTICATION & PATH VALIDATION
OPT: LIGHTWEIGHT SOURCE AUTHENTICATION & PATH VALIATION Tiffany Hyun- Jin Kim, 1 Cris(na Basescu, 2 Limin Jia, 1 Soo Bum Lee, 3 Yih- Chun Hu, 4 and Adrian Perrig 2 1 Carnegie Mellon University, 2 ETH Zurich,
More informationApache Hadoop 3. Balazs Gaspar Sales Engineer CEE & CIS Cloudera, Inc. All rights reserved.
Apache Hadoop 3 Balazs Gaspar Sales Engineer CEE & CIS balazs@cloudera.com 1 We believe data can make what is impossible today, possible tomorrow 2 We empower people to transform complex data into clear
More informationDATACENTER AS A SERVICE. We unburden you at the level you desire
DATACENTER AS A SERVICE We unburden you at the level you desire MARKET TREND BY VARIOUS ANALYSTS The concept of flexible and scalable computing is a key reason to create a Cloud based architecture 77%
More informationMarket Report. Scale-out 2.0: Simple, Scalable, Services- Oriented Storage. Scale-out Storage Meets the Enterprise. June 2010.
Market Report Scale-out 2.0: Simple, Scalable, Services- Oriented Storage Scale-out Storage Meets the Enterprise By Terri McClure June 2010 Market Report: Scale-out 2.0: Simple, Scalable, Services-Oriented
More informationReal-Time Cache Management for Multi-Core Virtualization
Real-Time Cache Management for Multi-Core Virtualization Hyoseung Kim 1,2 Raj Rajkumar 2 1 University of Riverside, California 2 Carnegie Mellon University Benefits of Multi-Core Processors Consolidation
More informationI Heard It through the Firewall: Exploiting Cloud Management Services as an Information Leakage Channel
I Heard It through the Firewall: Exploiting Cloud Management Services as an Information Leakage Channel Hyunwook Baek, Eric Eide, Robert Ricci, Jacobus Van der Merwe University of Utah 1 Motivation Information
More informationDell EMC Hyper-Converged Infrastructure
Dell EMC Hyper-Converged Infrastructure New normal for the modern data center GLOBAL SPONSORS Traditional infrastructure and processes are unsustainable Expensive tech refreshes, risky data migrations
More informationA Cloud Gateway - A Large Scale Company s First Line of Defense. Mikey Cohen Manager - Edge Gateway Netflix
A Cloud - A Large Scale Company s First Line of Defense Mikey Cohen Manager - Edge Netflix Today, more than 36% of North America s internet traffic is controlled by systems in the Amazon Cloud Global
More informationScalable Distributed Training with Parameter Hub: a whirlwind tour
Scalable Distributed Training with Parameter Hub: a whirlwind tour TVM Stack Optimization High-Level Differentiable IR Tensor Expression IR AutoTVM LLVM, CUDA, Metal VTA AutoVTA Edge FPGA Cloud FPGA ASIC
More informationTHE FUTURE IS HYBRID. Patrick Harr. Global Vice President, Cloud Strategy and Solutions Hewlett-Packard Company
THE FUTURE IS HYBRID Patrick Harr Global Vice President, Cloud Strategy and Solutions Hewlett-Packard Company 2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject
More informationAdobe Digital Marketing s IT Transformation with OpenStack
Adobe Digital Marketing s IT Transformation with OpenStack OPENSTACK CASE STUDY Contributors: Frans van Rooyen, Compute Platform Architect, Adobe Systems Timothy Gelter, Compute Platform Systems Engineer,
More informationDRIZZLE: FAST AND Adaptable STREAM PROCESSING AT SCALE
DRIZZLE: FAST AND Adaptable STREAM PROCESSING AT SCALE Shivaram Venkataraman, Aurojit Panda, Kay Ousterhout, Michael Armbrust, Ali Ghodsi, Michael Franklin, Benjamin Recht, Ion Stoica STREAMING WORKLOADS
More informationValidating the Security of the Borderless Infrastructure
SESSION ID: CDS-R01 Validating the Security of the Borderless Infrastructure David DeSanto Director, Product Management Spirent Communications, Inc. @david_desanto Agenda 2 The Adversary The Adversary
More informationExploring Cloud Security, Operational Visibility & Elastic Datacenters. Kiran Mohandas Consulting Engineer
Exploring Cloud Security, Operational Visibility & Elastic Datacenters Kiran Mohandas Consulting Engineer The Ideal Goal of Network Access Policies People (Developers, Net Ops, CISO, ) V I S I O N Provide
More informationStellar performance for a virtualized world
IBM Systems and Technology IBM System Storage Stellar performance for a virtualized world IBM storage systems leverage VMware technology 2 Stellar performance for a virtualized world Highlights Leverages
More informationWhen (and how) to move applications from VMware to Cisco Metacloud
White Paper When (and how) to move applications from VMware to Cisco Metacloud What You Will Learn This white paper will explain when to migrate various applications running in VMware virtual machines
More informationTROPIC: Transactional Resource Orchestration Platform In the Cloud
TROPIC: Transactional Resource Orchestration Platform In the Cloud Changbin Liu, Yun Mao*, Xu Chen*, Mary Fernandez*, Boon Thau Loo, Jacobus Van der Merwe* * netdb.cis.upenn.edu/dmf 1 Motivation Infrastructure
More informationNew Fresh Storage Approach for New IT Challenges Laurent Denel Philippe Nicolas OpenIO
New Fresh Storage Approach for New IT Challenges Laurent Denel Philippe Nicolas OpenIO Agenda Company profile and background Business and Users needs OpenIO approach Competition Conclusion Company profile
More informationCloud Connect. Gain highly secure, performance-optimized access to third-party public and private cloud providers
Cloud Connect Gain highly secure, performance-optimized access to third-party public and private cloud providers of the workload to run in the cloud by 2018 1 60 % Today s enterprise WAN environments demand
More informationNATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES
NATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES DOCUMENT DETAIL Security Classification Unclassified Authority National Information Technology Authority - Uganda
More information60 GHz Indoor Networking Through Flexible Beams: A Link-Level Profiling Sanjib Sur, Vignesh Venkateswaran, Xinyu Zhang, Parmesh Ramanathan
60 GHz Indoor Networking Through Flexible Beams: A Link-Level Profiling Sanjib Sur, Vignesh Venkateswaran, Xinyu Zhang, Parmesh Ramanathan University of Wisconsin - Madison http://xyzhang.ece.wisc.edu
More informationContainerization Dockers / Mesospere. Arno Keller HPE
Containerization Dockers / Mesospere Arno Keller HPE What is the Container technology Hypervisor vs. Containers (Huis vs artement) A container doesn't "boot" an OS instead it loads the application and
More informationSecure Mission-Centric Operations in Cloud Computing
Secure Mission-Centric Operations in Cloud Computing Massimiliano Albanese, Sushil Jajodia, Ravi Jhawar, Vincenzo Piuri George Mason University, USA Università degli Studi di Milano, Italy ARO Workshop
More informationDistributing OpenStack on top of a Key/Value store
Distributing OpenStack on top of a Key/Value store Jonathan Pastor (Inria, Ascola, Ecole des Mines de Nantes) PhD candidate, under the supervision of Adrien Lebre and Frédéric Desprez Journée Cloud 2015
More informationOn-Premises Cloud Platform. Bringing the public cloud, on-premises
On-Premises Cloud Platform Bringing the public cloud, on-premises How Cloudistics came to be 2 Cloudistics On-Premises Cloud Platform Complete Cloud Platform Simple Management Application Specific Flexibility
More informationMobile Edge Computing
Mobile Edge Computing 기술동향 Sung-Yeon Kim, Ph.D. Sung-Yeon.Kim@InterDigital.com 1 Outline Mobile Edge Computing Overview Mobile Edge Computing Architecture Mobile Edge Computing Application Mobile Edge
More informationSURVEY PAPER ON CLOUD COMPUTING
SURVEY PAPER ON CLOUD COMPUTING Kalpana Tiwari 1, Er. Sachin Chaudhary 2, Er. Kumar Shanu 3 1,2,3 Department of Computer Science and Engineering Bhagwant Institute of Technology, Muzaffarnagar, Uttar Pradesh
More informationNetwork Wide Policy Enforcement. Michael K. Reiter (joint work with V. Sekar, R. Krishnaswamy, A. Gupta)
Network Wide Policy Enforcement Michael K. Reiter (joint work with V. Sekar, R. Krishnaswamy, A. Gupta) 1 Enforcing Policy in Future Networks MF vision includes enforcement of rich policies in the network
More informationElevate the Conversation: Put IT Resilience into Practice for Cloud Service Providers
Elevate the Conversation: Put IT Resilience into Practice for Cloud Service Providers Don Wales, VP, Global Cloud Sales Mariah West, Director, Global Marketing Programs & Operations IT Resilience Protect
More informationSparrow. Distributed Low-Latency Spark Scheduling. Kay Ousterhout, Patrick Wendell, Matei Zaharia, Ion Stoica
Sparrow Distributed Low-Latency Spark Scheduling Kay Ousterhout, Patrick Wendell, Matei Zaharia, Ion Stoica Outline The Spark scheduling bottleneck Sparrow s fully distributed, fault-tolerant technique
More informationAn introductory look. cloud computing in education
An introductory look cloud computing in education An introductory look cloud computing in education Today, the question for education IT managers is not whether to adopt cloud computing, but when. With
More informationSystems Infrastructure for Data Science. Web Science Group Uni Freiburg WS 2014/15
Systems Infrastructure for Data Science Web Science Group Uni Freiburg WS 2014/15 Lecture X: Parallel Databases Topics Motivation and Goals Architectures Data placement Query processing Load balancing
More informationTCC, so your business continues
TCC, so your business continues 1 Whitepaper Executive summary The TCC (Tuxis Cloud Concept) is a smart way to build hosting infrastructures for your private cloud and virtual datacenter. It natively integrates
More informationModel-Driven Geo-Elasticity In Database Clouds
Model-Driven Geo-Elasticity In Database Clouds Tian Guo, Prashant Shenoy College of Information and Computer Sciences University of Massachusetts, Amherst This work is supported by NSF grant 1345300, 1229059
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationOverview. Application security - the never-ending story
RIVERBED STINGRAY APPLICATION FIREWALL Securing Cloud Applications with a Distributed Web Application Firewall Overview Responsibility over IT security is moving away from the network and IT infrastructure
More informationKubernetes made easy with Docker EE. Patrick van der Bleek Sr. Solutions Engineer NEMEA
Kubernetes made easy with Docker EE Patrick van der Bleek Sr. Solutions Engineer NEMEA Docker Enterprise Edition is More than Containers + Orchestration... DOCKER ENTERPRISE EDITION Kubernetes integration
More informationMinimizing the Risks of OpenStack Adoption
Minimizing the Risks of OpenStack Adoption White Paper Minimizing the Risks of OpenStack Adoption Introduction Over the last five years, OpenStack has become a solution of choice for enterprise private
More informationFlex Tenancy :48:27 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement
Flex Tenancy 2015-04-28 17:48:27 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Flex Tenancy... 3 Flex Tenancy... 4 Understanding the Flex Tenancy
More informationDemystifying the Cloud With a Look at Hybrid Hosting and OpenStack
Demystifying the Cloud With a Look at Hybrid Hosting and OpenStack Robert Collazo Systems Engineer Rackspace Hosting The Rackspace Vision Agenda Truly a New Era of Computing 70 s 80 s Mainframe Era 90
More informationand public cloud infrastructure, including Amazon Web Services (AWS) and AWS GovCloud, Microsoft Azure and Azure Government Cloud.
DATA SHEET vthunder SOFTWARE FOR VIRTUAL & CLOUD INFRASTRUCTURE A10 vthunder software appliances enable organizations to SUPPORTED SOLUTIONS gain flexible, easy-to-deploy and high-performance secure application
More informationiocontrol Reference Architecture for VMware Horizon View 1 W W W. F U S I O N I O. C O M
1 W W W. F U S I O N I O. C O M iocontrol Reference Architecture for VMware Horizon View iocontrol Reference Architecture for VMware Horizon View Introduction Desktop management at any scale is a tedious
More informationDelivering High-Throughput SAN with Brocade Gen 6 Fibre Channel. Friedrich Hartmann SE Manager DACH & BeNeLux
Delivering High-Throughput SAN with Brocade Gen 6 Fibre Channel Friedrich Hartmann SE Manager DACH & BeNeLux 28.02.2018 Agenda Broadcom Acquisition Update Storage Trends Brocade Automation SAN Analytics
More informationCloudVision Macro-Segmentation Service
CloudVision Macro-Segmentation Service Inside Address network-based security as a pool of resources, stitch security to applications and transactions, scale on-demand, automate deployment and mitigation,
More informationA Universal Micro-Server Ecosystem Exceeding the Energy and Performance Scaling Boundaries
A Universal Micro-Server Ecosystem Exceeding the Energy and Performance Scaling Boundaries www.uniserver2020.eu UniServer facilitates the advent of IoT solutions through the adoption of a distributed infrastructure
More informationSafe Harbor Statement
Safe Harbor Statement The following is intended to outline the general direction of Pivotal's offerings. It is intended for information purposes only and may not be incorporated into any contract. Any
More informationMultiprocessors and Thread-Level Parallelism. Department of Electrical & Electronics Engineering, Amrita School of Engineering
Multiprocessors and Thread-Level Parallelism Multithreading Increasing performance by ILP has the great advantage that it is reasonable transparent to the programmer, ILP can be quite limited or hard to
More informationIBM Cloud for VMware Solutions
Introduction 2 IBM Cloud IBM Cloud for VMware Solutions Zeb Ahmed Senior Offering Manager VMware on IBM Cloud Mehran Hadipour Director Business Development - Zerto Internal Use Only Do not distribute 3
More informationAppEnsure s End User Centric APM Product Overview
AppEnsure s End User Centric APM Product Overview January 2017 2017 AppEnsure Inc. Overview AppEnsure provides application performance management (APM) for IT Operations to proactively provide the best
More informationHorizontal or vertical scalability? Horizontal scaling is challenging. Today. Scaling Out Key-Value Storage
Horizontal or vertical scalability? Scaling Out Key-Value Storage COS 418: Distributed Systems Lecture 8 Kyle Jamieson Vertical Scaling Horizontal Scaling [Selected content adapted from M. Freedman, B.
More informationLabel-based Defenses Against Side Channel Attacks in PaaS Cloud Infrastructure
Label-based Defenses Against Side Channel Attacks in PaaS Cloud Infrastructure Read Sprabery, Konstantin Evchenko, Abhilash Raj*, Shivana Wanjara*, Sibin Mohan, Rakesh Bobba*, Roy H. Campbell University
More informationScaling Out Key-Value Storage
Scaling Out Key-Value Storage COS 418: Distributed Systems Logan Stafman [Adapted from K. Jamieson, M. Freedman, B. Karp] Horizontal or vertical scalability? Vertical Scaling Horizontal Scaling 2 Horizontal
More informationDocument Sub Title. Yotpo. Technical Overview 07/18/ Yotpo
Document Sub Title Yotpo Technical Overview 07/18/2016 2015 Yotpo Contents Introduction... 3 Yotpo Architecture... 4 Yotpo Back Office (or B2B)... 4 Yotpo On-Site Presence... 4 Technologies... 5 Real-Time
More informationLecture 7: Data Center Networks
Lecture 7: Data Center Networks CSE 222A: Computer Communication Networks Alex C. Snoeren Thanks: Nick Feamster Lecture 7 Overview Project discussion Data Centers overview Fat Tree paper discussion CSE
More informationSelf Checking Network Protocols: A Monitor Based Approach
Self Checking Network Protocols: A Monitor Based Approach Gunjan Khanna, Padma Varadharajan, Saurabh Bagchi Dependable Computing Systems Lab School of Electrical and Computer Engineering Purdue University
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationThe Google File System
The Google File System Sanjay Ghemawat, Howard Gobioff, and Shun-Tak Leung Google* 정학수, 최주영 1 Outline Introduction Design Overview System Interactions Master Operation Fault Tolerance and Diagnosis Conclusions
More informationCorrelation based File Prefetching Approach for Hadoop
IEEE 2nd International Conference on Cloud Computing Technology and Science Correlation based File Prefetching Approach for Hadoop Bo Dong 1, Xiao Zhong 2, Qinghua Zheng 1, Lirong Jian 2, Jian Liu 1, Jie
More informationA Study on Load Balancing in Cloud Computing * Parveen Kumar,* Er.Mandeep Kaur Guru kashi University, Talwandi Sabo
A Study on Load Balancing in Cloud Computing * Parveen Kumar,* Er.Mandeep Kaur Guru kashi University, Talwandi Sabo Abstract: Load Balancing is a computer networking method to distribute workload across
More informationMiddleware and Distributed Systems. System Models. Dr. Martin v. Löwis
Middleware and Distributed Systems System Models Dr. Martin v. Löwis System Models (Coulouris et al.) Architectural models of distributed systems placement of parts and relationships between them e.g.
More informationEssential Features of an Integration Solution
Essential Features of an Integration Solution September 2017 WHITE PAPER Essential Features of an Integration Solution When an enterprise uses multiple applications, it needs to connect them for a variety
More informationpowered by Cloudian and Veritas
Lenovo Storage DX8200C powered by Cloudian and Veritas On-site data protection for Amazon S3-compliant cloud storage. assistance from Lenovo s world-class support organization, which is rated #1 for overall
More information