Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage

Similar documents
Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage

A Comparison Study of Intel SGX and AMD Memory Encryption Technology

STM/PE & XHIM. Eugene D. Myers Trust Mechanisms Information Assurance Research NSA/CSS Research Directorate May 24, 2018

Introduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017

CS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II

SoK: A Study of Using Hardwareassisted. Environments for Security. Fengwei Zhang and Hongwei Zhang. Wayne State University Detroit, Michigan, USA

OS Security IV: Virtualization and Trusted Computing

Securing Cloud Computing

Secure Containers with EPT Isolation

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

MultiLanes: Providing Virtualized Storage for OS-level Virtualization on Many Cores

Virtually Impossible

SGX memory oversubscription

Tailoring TrustZone as SMM Equivalent

Operating System Security

Back To The Future: A Radical Insecure Design of KVM on ARM

ReVirt: Enabling Intrusion Analysis through Virtual Machine Logging and Replay

CIS 4360 Secure Computer Systems SGX

Nested Virtualization and Server Consolidation

Virtualization. Pradipta De

CSC 5930/9010 Cloud S & P: Virtualization

VT-d Posted Interrupts. Feng Wu, Jun Nakajima <Speaker> Intel Corporation

Virtual Machines Disco and Xen (Lecture 10, cs262a) Ion Stoica & Ali Ghodsi UC Berkeley February 26, 2018

An Introduction to Platform Security

CSE543 - Computer and Network Security Module: Virtualization

Chapter 5 C. Virtual machines

Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests

Knut Omang Ifi/Oracle 20 Oct, Introduction to virtualization (Virtual machines) Aspects of network virtualization:

HP Sure Start Gen3. Table of contents. Available on HP Elite products equipped with 7th generation Intel Core TM processors September 2017

Intel Software Guard Extensions

Cloud Computing Virtualization

Virtual Machine Monitors!

The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014)

Enhance your Cloud Security with AMD EPYC Hardware Memory Encryption

Distributed Systems COMP 212. Lecture 18 Othon Michail

Varys. Protecting SGX Enclaves From Practical Side-Channel Attacks. Oleksii Oleksenko, Bohdan Trach. Mark Silberstein

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

Research and Design of Crypto Card Virtualization Framework Lei SUN, Ze-wu WANG and Rui-chen SUN

CSE 120 Principles of Operating Systems

Virtual Machine Security

CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives

VIRTUALIZATION technologies have become the de facto

Advanced Operating Systems (CS 202) Virtualization

Project CIP Modifications

Virtualization. Michael Tsai 2018/4/16

CS 550 Operating Systems Spring Introduction to Virtual Machines

Cauldron: A Framework to Defend Against Cache-based Side-channel Attacks in Clouds

From bottom to top: Exploiting hardware side channels in web browsers

CSE543 - Computer and Network Security Module: Virtualization

Problem System administration tasks on a VM from the outside, e.g., issue administrative commands such as hostname and rmmod. One step ahead tradition

Micro VMMs and Nested Virtualization

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut

Virtual Machines. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University

Operating system hardening

Virtualisation on Mobile Devices {Hugo Marques, Nuno Conceição, Luis Pereira}

Intel s s Security Vision for Xen

Implications of Cache Asymmetry on Server Consolidation Performance

Meltdown and Spectre - understanding and mitigating the threats

Hypervisor security. Evgeny Yakovlev, DEFCON NN, 2017

Scalable Architectural Support for Trusted Software

Locking Down the Processor via the Rowhammer Attack

Deconstructing Xen. Lei Shi, Yuming Wu, Yubin Xia, Nathan Dautenhahn, Haibo Chen, Binyu Zang, Haibing Guan, Jinming Li

Monitoring Hypervisor Integrity at Runtime. Student: Cuong Pham PIs: Prof. Zbigniew Kalbarczyk, Prof. Ravi K. Iyer ACC Meeting, Oct 2015

T-SGX: Eradicating Controlled-Channel

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

Copyright

Mitigating Exploits, Rootkits and Advanced Persistent Threats

Intel VMX technology

CSE543 - Computer and Network Security Module: Virtualization


Meltdown and Spectre - understanding and mitigating the threats (Part Deux)

SentinelOne Technical Brief

Increasing Cloud Power Efficiency through Consolidation Techniques

Computer Architecture Background

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

CSE Computer Security

ViryaOS RFC: Secure Containers for Embedded and IoT. A proposal for a new Xen Project sub-project

DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN. Chapter 3 Processes

Intel SGX Virtualization

Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races. CS 563 Young Li 10/31/18

SCONE: Secure Linux Container Environments with Intel SGX

MANAGEMENT OF TASKS IN VIRTUALIZED ENVIRONMENTS

COMS: Customer Oriented Migration Service

Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms

CS 356 Operating System Security. Fall 2013

SGXBounds Memory Safety for Shielded Execution

Fakultät Informatik Institut für Systemarchitektur, Betriebssysteme THE NOVA KERNEL API. Julian Stecklina

CLOUD COMPUTING IT0530. G.JEYA BHARATHI Asst.Prof.(O.G) Department of IT SRM University

Detection and Mitigation of Performance Attacks in Multi-Tenant Cloud Computing

CS Project Report

Distributed File Systems Issues. NFS (Network File System) AFS: Namespace. The Andrew File System (AFS) Operating Systems 11/19/2012 CSC 256/456 1

Operating Systems 4/27/2015

Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles

Security versus Energy Tradeoffs in Host-Based Mobile Malware Detection

Xen and the Art of Virtualization. Nikola Gvozdiev Georgian Mihaila

Article Summary of: Understanding Cloud Computing Vulnerabilities. Michael R. Eldridge

BUILDING SECURE (CLOUD) APPLICATIONS USING INTEL S SGX

Automated Control for Elastic Storage Harold Lim, Shivnath Babu, Jeff Chase Duke University

BUILDING A PRIVATE CLOUD. By Mark Black Jay Muelhoefer Parviz Peiravi Marco Righini

Performance Evaluation of Virtualization Technologies

Transcription:

Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage Kevin Leach 1, Fengwei Zhang 2, and Westley Weimer 1 1 University of Michigan, 2 Wayne State University Leach, Zhang, & Weimer 1 / 19

Summary We use Intel Software Guard Extensions (SGX) and System Management Mode (SMM) to accurately monitor resource consumption of virtual machines (VMs) in the presence of a compromised VM or hypervisor Leach, Zhang, & Weimer 2 / 19

Motivation Multi-tenant cloud computing increases utilization Client agrees to pay Cloud provider for a particular service level e.g., $1 per hour of CPU time Leach, Zhang, & Weimer 3 / 19

Motivation Multi-tenant cloud computing increases utilization Client agrees to pay Cloud provider for a particular service level e.g., $1 per hour of CPU time Cloud provider depends on hypervisor/virtual machine monitor (VMM) platform to distribute resources Xen, QEMU, etc. Cloud VMM VM 1 VM 2 VM 3 Leach, Zhang, & Weimer 3 / 19

Motivation Multi-tenant cloud computing increases utilization Client agrees to pay Cloud provider for a particular service level e.g., $1 per hour of CPU time Cloud provider depends on hypervisor/virtual machine monitor (VMM) platform to distribute resources Xen, QEMU, etc. 1 Cloud VMM 1 3 CPU 3 CPU 3 CPU VM 1 VM 2 VM 3 If all 3 VMs peg the CPU, the VMM must decide how to allocate CPU time based on each client s service level. Leach, Zhang, & Weimer 3 / 19 1

Motivation Cloud provider depends on VMM platform to distribute resources Leach, Zhang, & Weimer 4 / 19

Motivation Cloud provider depends on VMM platform to distribute resources Two issues Leach, Zhang, & Weimer 4 / 19

Motivation Cloud provider depends on VMM platform to distribute resources Two issues 1. What if the VMM/cloud provider is malicious? Manipulate resource consumption to bill customers more Leach, Zhang, & Weimer 4 / 19

Motivation Cloud provider depends on VMM platform to distribute resources Two issues 1. What if the VMM/cloud provider is malicious? Manipulate resource consumption to bill customers more 2. What if the VMM is vulnerable to malicious VMs? Malicious VM manipulates resource consumption to steal resources from benign customers Leach, Zhang, & Weimer 4 / 19

Resource Accounting Attacks Benign Behavior VMM decides to bill a guest: 1 2 1 2 1 2 1 1 2 1 2 1 2 1... 0ms 30ms 60ms 90ms 120ms 150ms 180ms CPU time The Xen hypervisor regularly checks which VM is active to determine how much CPU time each VM uses Leach, Zhang, & Weimer 5 / 19

Resource Accounting Attacks Malicious Behavior VMM decides to bill a guest: 1 1 1 1 1 2 1 2 1 2 1... 0ms 30ms 60ms 90ms 120ms 150ms 180ms CPU time A malicious VM (2) with knowledge of the VMM can affect the appearance of resource consumption by itself and benign VMs. Leach, Zhang, & Weimer 6 / 19

Resource Interference Attacks Attacker can take advantage of known victim behavior Malicious VM Flood HTTP server Victim VM (webserver) Free CPU cycles Thrash from I/O Malicious VM can cause benign VM to free up resources for itself Leach, Zhang, & Weimer 7 / 19

VM Escape Attack Malicious VM can exploit buggy VMM implementation, allowing code execution with VMM privilege Could potentially alter resource consumption to hide itself Leach, Zhang, & Weimer 8 / 19

Scotch: Transparent Cloud Resource Accounting Two desired properties 1. Transparent The underlying VMM and VMs are not aware accounting occurs 2. Tamper-resistant A malicious VMM or VM guest cannot reliably alter accounting data Leach, Zhang, & Weimer 9 / 19

Insights for Scotch System Management Mode High priority System Management Interrupt causes CPU to atomically execute SMM handler code Leach, Zhang, & Weimer 10 / 19

Insights for Scotch System Management Mode High priority System Management Interrupt causes CPU to atomically execute SMM handler code Use SMM to collect raw resource consumption data Leach, Zhang, & Weimer 10 / 19

Insights for Scotch System Management Mode High priority System Management Interrupt causes CPU to atomically execute SMM handler code Use SMM to collect raw resource consumption data SMM logically collects data, then relays it to SGX enclave Leach, Zhang, & Weimer 10 / 19

Insights for Scotch Software Guard Extensions Enclave-based trusted execution environment (TEE); userspace code runs in isolation Leach, Zhang, & Weimer 11 / 19

Insights for Scotch Software Guard Extensions Enclave-based trusted execution environment (TEE); userspace code runs in isolation Use SGX enclave so that benign user can monitor and verify their resource consumption Leach, Zhang, & Weimer 11 / 19

Insights for Scotch Software Guard Extensions Enclave-based trusted execution environment (TEE); userspace code runs in isolation Use SGX enclave so that benign user can monitor and verify their resource consumption Raw data collected by SMM is relayed to SGX enclave Leach, Zhang, & Weimer 11 / 19

Scotch: Transparent Cloud Resource Accounting Protected System 2 1 VMM (e.g., Xen) VM1 VM2 VM3 4 SGX Enclave SGX Enclave VM1 data VM2 data VM3 data True timer 3 SMI Handler Data 5 1. VMM decides to switch between VM guests Leach, Zhang, & Weimer 12 / 19

Scotch: Transparent Cloud Resource Accounting Protected System 2 1 VMM (e.g., Xen) VM1 VM2 VM3 4 SGX Enclave SGX Enclave VM1 data VM2 data VM3 data True timer 3 SMI Handler Data 5 2. Scotch measures resource consumption by invoking SMM every context switch Leach, Zhang, & Weimer 12 / 19

Scotch: Transparent Cloud Resource Accounting Protected System 2 1 VMM (e.g., Xen) VM1 VM2 VM3 4 SGX Enclave SGX Enclave VM1 data VM2 data VM3 data True timer 3 SMI Handler Data 5 3. SMM handler executes resource accounting in isolation Leach, Zhang, & Weimer 12 / 19

Scotch: Transparent Cloud Resource Accounting Protected System 2 1 VMM (e.g., Xen) VM1 VM2 VM3 4 SGX Enclave SGX Enclave VM1 data VM2 data VM3 data True timer 3 SMI Handler Data 5 4. Data is marshalled to SGX enclave within VM Leach, Zhang, & Weimer 12 / 19

Scotch: Transparent Cloud Resource Accounting Protected System 2 1 VMM (e.g., Xen) VM1 VM2 VM3 4 SGX Enclave SGX Enclave VM1 data VM2 data VM3 data True timer 3 SMI Handler Data 5 5. Benign VM can monitor resource accounting data with high integrity Leach, Zhang, & Weimer 12 / 19

Evaluation Research Questions RQ1: Can we maintain accurate accounting during scheduler attacks? RQ2: What is our overhead on benign workloads? RQ3: Can we maintain accurate accounting during resource interference attacks? RQ4: Can we maintain accurate accounting during VM escape attacks? Leach, Zhang, & Weimer 13 / 19

RQ1: Scheduler Attacks Implement controllable scheduler Simulate attacker by altering the CPU time allocation by a varying degree Leach, Zhang, & Weimer 14 / 19

RQ1: Scheduler Attacks Implement controllable scheduler Simulate attacker by altering the CPU time allocation by a varying degree Run two VMs, one simulated attacker and one benign Both are computing indicative workloads: pi, gzip, and the PARSEC benchmarks Leach, Zhang, & Weimer 14 / 19

RQ1: Scheduler Attacks Implement controllable scheduler Simulate attacker by altering the CPU time allocation by a varying degree Run two VMs, one simulated attacker and one benign Both are computing indicative workloads: pi, gzip, and the PARSEC benchmarks Compare observed CPU time consumption presented by Xen vs. Scotch Leach, Zhang, & Weimer 14 / 19

RQ1: Scheduler Attacks Implement controllable scheduler Simulate attacker by altering the CPU time allocation by a varying degree Run two VMs, one simulated attacker and one benign Both are computing indicative workloads: pi, gzip, and the PARSEC benchmarks Compare observed CPU time consumption presented by Xen vs. Scotch TL;DR Scotch shows significant difference in allocated CPU time Leach, Zhang, & Weimer 14 / 19

RQ1: Scheduler Attacks Table : Ratio of attacker VM CPU time to guest VM CPU time. Scheduler attack severity level Benign 1 3 5 7 9 10 Scotch 1.00 1.04 1.10 1.17 1.26 1.36 1.41 ground truth 0.99 1.05 1.12 1.17 1.25 1.35 1.39 Leach, Zhang, & Weimer 15 / 19

RQ1: Scheduler Attacks Table : Ratio of attacker VM CPU time to guest VM CPU time. Scheduler attack severity level Benign 1 3 5 7 9 10 Scotch 1.00 1.04 1.10 1.17 1.26 1.36 1.41 ground truth 0.99 1.05 1.12 1.17 1.25 1.35 1.39 The attacker receives disproportionate CPU time. Ground truth obtained with Xentrace. Leach, Zhang, & Weimer 15 / 19

RQ2: Overhead Invoking SMIs to run accounting code can be costly Leach, Zhang, & Weimer 16 / 19

RQ2: Overhead Invoking SMIs to run accounting code can be costly Accounting code takes 2248 ± 69 cycles to execute Roughly 1µs incurred every context switch Leach, Zhang, & Weimer 16 / 19

RQ2: Overhead Invoking SMIs to run accounting code can be costly Accounting code takes 2248 ± 69 cycles to execute Roughly 1µs incurred every context switch Xen takes roughly 20,000 cycles (7.1µs) per context switch Leach, Zhang, & Weimer 16 / 19

RQ2: Overhead Invoking SMIs to run accounting code can be costly Accounting code takes 2248 ± 69 cycles to execute Roughly 1µs incurred every context switch Xen takes roughly 20,000 cycles (7.1µs) per context switch Scotch adds 14% overhead per context switch Leach, Zhang, & Weimer 16 / 19

RQ2: Overhead Invoking SMIs to run accounting code can be costly Accounting code takes 2248 ± 69 cycles to execute Roughly 1µs incurred every context switch Xen takes roughly 20,000 cycles (7.1µs) per context switch Scotch adds 14% overhead per context switch.0033% system overhead on CPU-bound workloads Leach, Zhang, & Weimer 16 / 19

RQ3: Resource Interference Attacks By construction, Scotch provides accurate accounting information Leach, Zhang, & Weimer 17 / 19

RQ3: Resource Interference Attacks By construction, Scotch provides accurate accounting information Scotch does not automatically detect Resource Interference Attacks Leach, Zhang, & Weimer 17 / 19

RQ3: Resource Interference Attacks By construction, Scotch provides accurate accounting information Scotch does not automatically detect Resource Interference Attacks However, SGX allows userspace access to reliable accounting information Client can monitor their resource usage and perform their own analysis for their case Leach, Zhang, & Weimer 17 / 19

RQ4: VM Escape Attacks Accounting code stored in isolated SMRAM and SGX enclave Leach, Zhang, & Weimer 18 / 19

RQ4: VM Escape Attacks Accounting code stored in isolated SMRAM and SGX enclave Even if attacker roots hypervisor, they cannot change the accounting code Leach, Zhang, & Weimer 18 / 19

RQ4: VM Escape Attacks Accounting code stored in isolated SMRAM and SGX enclave Even if attacker roots hypervisor, they cannot change the accounting code BIOS locks SMRAM, so no opportunity for attacker to infiltrate SMM if BIOS is trusted Leach, Zhang, & Weimer 18 / 19

Conclusion Scotch is an SMM- and SGX-based framework for accurately accounting resource consumption in cloud infrastructure Leach, Zhang, & Weimer 19 / 19

Conclusion Scotch is an SMM- and SGX-based framework for accurately accounting resource consumption in cloud infrastructure Scotch accounts for resource usage every context switch, introducing minimal overhead on indicative workloads Leach, Zhang, & Weimer 19 / 19

Conclusion Scotch is an SMM- and SGX-based framework for accurately accounting resource consumption in cloud infrastructure Scotch accounts for resource usage every context switch, introducing minimal overhead on indicative workloads Scotch accurately accounts for CPU time consumption in the presence of scheduler attack Porting drivers to SMM would readily admit incorporating accounting for additional types of resources, such as network usage Leach, Zhang, & Weimer 19 / 19

Conclusion Scotch is an SMM- and SGX-based framework for accurately accounting resource consumption in cloud infrastructure Scotch accounts for resource usage every context switch, introducing minimal overhead on indicative workloads Scotch accurately accounts for CPU time consumption in the presence of scheduler attack Porting drivers to SMM would readily admit incorporating accounting for additional types of resources, such as network usage By construction, Scotch protects the hypervisor from VM escape and other control hijacking attacks Leach, Zhang, & Weimer 19 / 19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback