Abstract
Traditionally, scheduling policies used in event schedulers have been designed to optimize performance based metrics such as throughput and delay while maintaining some notion of fairness. In multi-tenancy cloud environments, it is important to ensure privacy of the users because a scheduler creates a timing based side channel through which malicious users can learn about the service usage pattern of the others. In this chapter, we demonstrate the existence of a timing side channel in shared schedulers and discuss the design of secure scheduling policies. When a processor is shared by multiple users, the delays experienced by jobs from one user are a function of the arrival pattern of jobs from other users, and the scheduling policy of the server. Consequently, a scheduling system creates a timing side channel in which information about arrival pattern from one user is inadvertently leaked to another. In this work, this information leakage is studied for a two user scheduling system. We first introduce a measure of privacy and then demonstrate that no scheduler can provide maximum privacy without idling/taking vacations, and consequently no policy can simultaneously be delay and privacy optimal.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Agat, J.: Transforming out timing leaks. In: Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL’00, Boston, pp. 40–53. ACM, New York (2000). doi:10.1145/325694.325702
Anantharam, V., Verdu, S.: Bits through queues. IEEE Trans. Inf. Theory 42(1), 4–18 (2006). doi:10.1109/18.481773
Askarov, A., Zhang, D., Myers, A.C.: Predictive black-box mitigation of timing channels. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS’10, Chicago, pp. 297–307. ACM, New York (2010). doi:10.1145/1866307.1866341
Asmussen, S.: Applied Probability and Queues. Wiley, Hoboken (1989). doi:10.1002/asm.3150050208
Bertsekas, D.P., Gallager, R.G.: Data Networks. Prentice-Hall, Englewood Cliffs (1987)
Bissias, G.D., Liberatore, M., Jensen, D., Levine, B.N.: Privacy vulnerabilities in encrypted HTTP streams. In: Proceedings of the 5th International Conference on Privacy Enhancing Technologies, PET’05, Cavtat, pp. 1–11. Springer, Berlin/Heidelberg (2006). doi:10.1007/ 11767831_1
Bortz, A.,Boneh, D.: Exposing private information by timing web applications. In: Proceedings of the 16th International Conference on World Wide Web, WWW’07, Banff, pp. 621–628. ACM, New York (2007). doi:10.1145/1242572.1242656
Brumley, D., Boneh, D.: Remote timing attacks are practical. In: Proceedings of the 12th Conference on USENIX Security Symposium, SSYM’03, Washington, DC, pp. 1–1. USENIX Association, Berkeley (2003)
Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: Proceedings of the 16th European Conference on Research in Computer Security, ESORICS’11, Leuven, pp. 355–371. Springer, Berlin/Heidelberg (2011)
Cabuk, S., Brodley, C.E., Shields, C.: IP covert timing channels: design and detection. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS’04, Washington, DC, pp. 178–187. ACM, New York (2004). doi:10.1145/1030083.1030108
Chaum, D.: Blind signatures for untraceable payments. In: Proceedings of the 1982 CRYPTO: Advances in Cryptology, CRYPTO’82, Santa Barbara, vol. 82, pp. 199–203. Plenum, New York (1983)
Crosby, S.A., Wallach, D.S., Riedi, R.H.: Opportunities and limits of remote timing attacks. ACM Trans. Inf. Syst. Secur. 12(3), 17:1–17:29 (2009). doi:10.1145/1455526.1455530
Csiszár, I., Korner, J.: Broadcast channels with confidential messages. IEEE Trans. Inf. Theory 24, 339–348 (1978)
Evans, N.S., Dingledine, R., Grothoff, C.: A practical congestion attack on tor using long paths. In: Proceedings of the 18th Conference on USENIX Security Symposium, SSYM’09, Montreal, pp. 33–50. USENIX Association, Berkeley (2009)
Felten, E.W., Schneider, M.A.: Timing attacks on web privacy. In: Proceedings of the 7th ACM Conference on Computer and Communications Security, CCS’00, Athens, pp. 25–32. ACM, New York (2000). doi:10.1145/352600.352606
Froscher, J., Payne, C.: The Handbook for the Computer Security Certification of Trusted Systems. Naval Research Laboratory, Washington, DC (1992)
Ghaderi, J., Srikant, R.: Towards a theory of anonymous networking. In: Proceedings of the 29th Conference on Information Communications, INFOCOM’10, San Diego, pp. 686–694. IEEE, Piscataway (2010)
Giles, J., Hajek, B.: An information-theoretic and game-theoretic study of timing channels. IEEE Trans. Inf. Theory 48(9), 2455–2477 (2002). doi:10.1109/TIT.2002.801405
Gong, X., Borisov, N., Kiyavash, N., Schear, N.: Website detection using remote traffic analysis. In: Proceedings of the 12th International Conference on Privacy Enhancing Technologies, PETS’12, Vigo, pp. 58–78. Springer, Berlin/Heidelberg (2012). doi:10.1007/ 978-3-642-31680-7_4
Hu, W.M.: Reducing timing channels with fuzzy time. In: Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, pp. 8–20 (1991). doi:10.1109/RISP.1991.130768
Hu, W.M.: Lattice scheduling and covert channels. In: Proceedings of the 1992 IEEE Symposium on Security and Privacy, SP’92, Oakland, pp. 52–61. IEEE Computer Society, Washington, DC (1992)
Kadloor, S., Kiyavash, N., Venkitasubramaniam, P.: Mitigating timing based information leakage in shared schedulers. In: Proceedings of the 2012 IEEE INFOCOM, INFOCOM’12, Orlando, pp. 1044–1052 (2012). doi:10.1109/INFCOM.2012.6195460
Kemmerer, R.A.: A practical approach to identifying storage and timing channels: twenty years later. In: Proceedings of the 18th Annual Computer Security Applications Conference, ACSAC’02, Los Alamitos, p. 109. IEEE Computer Society, Washington, DC (2002). doi:10.1109/CSAC.2002.1176284
Kocher, P.C.: Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In: Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO’96, Santa Barbara, pp. 104–113. Springer, London (1996)
Lam, S.: Delay analysis of a time division multiple access (TDMA) channel. IEEE Trans. Commun. 25(12), 1489–1494 (1977). doi:10.1109/TCOM.1977.1093784
Lampson, B.W.: A note on the confinement problem. Commun. ACM 16(10), 613–615 (1973). doi:10.1145/362375.362389
Liberatore, M., Levine, B.N.: Inferring the source of encrypted HTTP connections. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS’06, Alexandria, pp. 255–263. ACM, New York (2006). doi:10.1145/1180405.1180437
Liu, Y., Ghosal, D., Armknecht, F., Sadeghi, A.R., Schulz, S., Katzenbeisser, S.: Hide and seek in time: robust covert timing channels. In: Proceedings of the 14th European Conference on Research in Computer Security, ESORICS’09, Saint-Malo, pp. 120–135. Springer, Berlin/Heidelberg (2009)
McFadden, J.A.: The entropy of a point process. SIAM J. Appl. Math. 13(4), 988–994 (1965). doi:10.1137/0113066
Millen, J.K.: Covert channel capacity. In: Proceedings of the 1987 IEEE Symposium on Security and Privacy, SP’87, Oakland, pp. 60–66 (1987)
Moskowitz, I.S., Miller, A.R.: The channel capacity of a certain noisy timing channel. IEEE Trans. Inf. Theory 38(4), 1339–1344 (1992). doi:10.1109/18.144712
Murdoch, S.J., Danezis, G.: Low-cost traffic analysis of tor. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, SP’05, Oakland, pp. 183–195. IEEE Computer Society, Washington, DC (2005). doi:10.1109/SP.2005.12
Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Proceedings of the 2006 The Cryptographers’ Track at the RSA Conference on Topics in Cryptology, CT-RSA’06, San Jose, pp. 1–20. Springer, Berlin/Heidelberg (2006). doi:10.1007/11605805_1
Padlipsky, M.A., Snow, D.W., Karger, P.A.: dtic.mil,ESD-TR-78-158: limitations of end-to-end encryption in secure computer networks. http://goo.gl/ujLfa (1978)
Page, D.: Theoretical use of cache memory as a cryptanalytic side-channel. Techincal Report CSTR-02-003, Department of Computer Science, University of Bristol (2002)
Percival, C.: Cache missing for fun and profit. In: Proceedings of the 2005 BSDCan, BSDCan’05, Ottawa (2005)
Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS’09, Chicago, pp. 199–212. ACM, New York (2009). doi:10.1145/1653662.1653687
Rom, R., Sidi, M.: Multiple Access Protocols: Performance and Analysis. Springer, New York (1990)
Saponas, T.S., Lester, J., Hartung, C., Agarwal, S., Kohno, T.: Devices that tell on you: privacy trends in consumer ubiquitous computing. In: Proceedings of the 16th USENIX Security Symposium, SS’07, Boston, pp. 5:1–5:16 (2007)
Schinzel, S.: An efficient mitigation method for timing side channels on the web. In: Proceedings of the 2nd International Workshop on Constructive Side-Channel Analysis and Secure Design (2011)
Shah, G., Molina, A., Blaze, M.: Keyboards and covert channels. In: Proceedings of the 15th USENIX Security Symposium, USENIX-SS’06, Vancouver. USENIX Association, Berkeley (2006)
Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on SSH. In: Proceedings of the 10th Conference on USENIX Security Symposium, SSYM’01, Washington, DC, pp. 25–25. USENIX Association, Berkeley (2001)
Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M.: Cryptanalysis of DES implemented on computers with cache. In: Proceedings of the 2003 Cryptographic Hardware and Embedded Systems Workshop, CHES’03, Cologne, pp. 62–76. Springer, Berlin/Heidelberg (2003)
Venkitasubramaniam, P., Anantharam, V.: On the anonymity of chaum mixes. In: Proceedings of the 2008 IEEE International Symposium on Information Theory, Toronto (2008). doi:10.1109/ISIT.2008.4594929
Wagner, A.B., Anantharam, V.: NATO/ASI Workshop on Network Security and Intrusion Detection: Information Theory of Covert Timing Channels (2005)
Wang, Z., Lee, R.B.: Covert and side channels due to processor architecture. In: Proceedings of the 22nd Annual Computer Security Applications Conference, ACSAC ’06, Miami Beach, pp. 473–482. IEEE Computer Society, Washington, DC (2006). doi:10.1109/ACSAC.2006.20
Wang, Y., Moulin, P.: Perfectly secure steganography: capacity, error exponents, and code constructions. IEEE Trans. Inf. Theory 54(6), 2706–2722 (2008). doi:10.1109/TIT.2008.921684
Wang, X., Reeves, D.S.: Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS’03, Washington, DC, pp. 20–29. ACM, New York (2003). doi:10.1145/948109.948115
Wang, X., Chen, S., Jajodia, S.: Tracking anonymous peer-to-peer voip calls on the internet. In: Proceedings of the 12th ACM Conference on Computer and communications security, CCS’05, Alexandria, pp. 81–91. ACM, New York (2005). doi:10.1145/1102120.1102133
Wray, J.C.: An analysis of covert timing channels. In: Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, Oakland, p. 2. IEEE Computer Society, Los Alamitos (1991). doi:10.1109/RISP.1991.130767
Wright, C.V., Ballard, L., Coull, S.E., Monrose, F., Masson, G.M.: Spot me if you can: uncovering spoken phrases in encrypted voip conversations. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy, SP’08, Oakland, pp. 35–49. IEEE Computer Society, Washington, DC (2008). doi:10.1109/SP.2008.21
Wyner, A.: The wiretap channel. Bell Syst. Tech. J. 54, 1355–1387 (1975)
Zhang, D., Askarov, A., Myers, A.C.: Predictive mitigation of timing channels in interactive systems. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS’11, Chicago, pp. 563–574. ACM, New York (2011). doi:10.1145/2046707.2046772
Zukerman, M., Neame, T., Addie, R.: Internet traffic modeling and future technology implications. In: Proceedings of the 22nd Annual Joint Conference of the IEEE Computer and Communications, INFOCOM’03, San Francisco, pp. 587–596 (2003). doi:10.1109/INFCOM.2003.1208709
Acknowledgements
This material is based upon work partially supported by the Air Force Office of Scientific Research (AFOSR) grants Sub TX 0200-07UI, FA9550-11-1-0016, FA9550-10-1-0573 and FA9550-10-1-0345.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer Science+Business Media New York
About this chapter
Cite this chapter
Kadloor, S., Kiyavash, N. (2014). Exploiting Timing Side Channel in Secure Cloud Scheduling. In: Han, K., Choi, BY., Song, S. (eds) High Performance Cloud Auditing and Applications. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-3296-8_6
Download citation
DOI: https://doi.org/10.1007/978-1-4614-3296-8_6
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-3295-1
Online ISBN: 978-1-4614-3296-8
eBook Packages: EngineeringEngineering (R0)