Robust and Scalable Process Isolation Against Spectre in the Cloud / Schwarzl, Martin; Borrello, Pietro; Kogler, Andreas; Varda, Kenton; Schuster, Thomas; Schwarz, Michael; Gruss, Daniel. - 13555:(2022), pp. 167-186. (Paper presented at the ESORICS conference held in Copenhagen; Denmark) [10.1007/978-3-031-17146-8_9].

Robust and Scalable Process Isolation Against Spectre in the Cloud

Borrello, Pietro
Second author
2022

Abstract

In the quest for efficiency and performance, edge-computing providers replace process isolation with sandboxes to support a high number of tenants per machine. While these sandboxes are secure against software vulnerabilities, microarchitectural attacks can bypass them. In this paper, we present a Spectre attack leaking secrets from co-located tenants in edge computing. Our remote Spectre attack, using amplification techniques and a remote timing server, leaks 2 bit/min. This motivates our main contribution, DyPrIs, a scalable process-isolation mechanism that only isolates suspicious worker scripts following a lightweight detection mechanism. In the worst case, DyPrIs boils down to process isolation. Our proof-of-concept implementation augments real-world cloud infrastructure used in production at large scale, Cloudflare Workers. With a false-positive rate of only 0.61%, we demonstrate that DyPrIs outperforms strict process isolation while statistically maintaining its security guarantees, fully mitigating cross-tenant Spectre attacks.
ESORICS
cpu; spectre; cloud; security;
04 Publication in conference proceedings::04b Conference paper in volume
Files attached to this item

Matin_preprint_Robust_2022.pdf
Access: open access
Note: https://link.springer.com/chapter/10.1007/978-3-031-17146-8_9
Type: Post-print document (version following peer review and accepted for publication)
License: Creative Commons
Size: 372.89 kB
Format: Adobe PDF

Matin_Robust_2022.pdf
Access: archive administrators only
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size: 40.47 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1657458
Citations
  • PMC: ND
  • Scopus: 8
  • ISI: 7