Power Attack Defense: Securing Battery-Backed Data Centers

Chao Li, Zhenhua Wang, Xiaofeng Hou, Hao-peng Chen, Xiaoyao Liang, M. Guo
{"title":"Power Attack Defense: Securing Battery-Backed Data Centers","authors":"Chao Li, Zhenhua Wang, Xiaofeng Hou, Hao-peng Chen, Xiaoyao Liang, M. Guo","doi":"10.1145/3007787.3001189","DOIUrl":null,"url":null,"abstract":"Battery systems are crucial components for mission-critical data centers. Without secure energy backup, existing under-provisioned data centers are largely unguarded targets for cyber criminals. Particularly for today's scale-out servers, power oversubscription unavoidably taxes a data center's backup energy resources, leaving very little room for dealing with emergency. Besides, the emerging trend towards deploying distributed energy storage architecture causes the associated energy backup of each rack to shrink, making servers vulnerable to power anomalies. As a result, an attacker can generate power peaks to easily crash or disrupt a power-constrained system. This study aims at securing data centers from malicious loads that seek to drain their precious energy storage and overload server racks without prior detection. We term such load as Power Virus (PV) and demonstrate its basic two-phase attacking model and characterize its behaviors on real systems. The PV can learn the victim rack's battery characteristics by disguising as benign loads. Once gaining enough information, the PV can be mutated to generate hidden power spikes that have a high chance to overload the system. To defend against PV, we propose power attack defense (PAD), a novel energy management patch built on lightweight software and hardware mechanisms. PAD not only increases the attacking cost considerably by hiding vulnerable racks from visible spikes, it also strengthens the last line of defense against hidden spikes. Using Google cluster traces we show that PAD can effectively raise the bar of a successful power attack: compared to prior arts, it increases the data center survival time by 1.6~11X and provides better performance guarantee. It enables modern data centers to safely exploit the benefits that power oversubscription may provide, with the slightest cost overhead.","PeriodicalId":6634,"journal":{"name":"2016 ACM/IEEE 43rd Annual International Symposium on Computer Architecture (ISCA)","volume":"12 1","pages":"493-505"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"44","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 ACM/IEEE 43rd Annual International Symposium on Computer Architecture (ISCA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3007787.3001189","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 44

Abstract

Battery systems are crucial components for mission-critical data centers. Without secure energy backup, existing under-provisioned data centers are largely unguarded targets for cyber criminals. Particularly for today's scale-out servers, power oversubscription unavoidably taxes a data center's backup energy resources, leaving very little room for dealing with emergency. Besides, the emerging trend towards deploying distributed energy storage architecture causes the associated energy backup of each rack to shrink, making servers vulnerable to power anomalies. As a result, an attacker can generate power peaks to easily crash or disrupt a power-constrained system. This study aims at securing data centers from malicious loads that seek to drain their precious energy storage and overload server racks without prior detection. We term such load as Power Virus (PV) and demonstrate its basic two-phase attacking model and characterize its behaviors on real systems. The PV can learn the victim rack's battery characteristics by disguising as benign loads. Once gaining enough information, the PV can be mutated to generate hidden power spikes that have a high chance to overload the system. To defend against PV, we propose power attack defense (PAD), a novel energy management patch built on lightweight software and hardware mechanisms. PAD not only increases the attacking cost considerably by hiding vulnerable racks from visible spikes, it also strengthens the last line of defense against hidden spikes. Using Google cluster traces we show that PAD can effectively raise the bar of a successful power attack: compared to prior arts, it increases the data center survival time by 1.6~11X and provides better performance guarantee. It enables modern data centers to safely exploit the benefits that power oversubscription may provide, with the slightest cost overhead.
电力攻击防御:保护电池支持的数据中心
电池系统是关键任务数据中心的关键组件。如果没有安全的能源备份,现有的供应不足的数据中心在很大程度上是网络犯罪分子毫无防备的目标。特别是对于今天的横向扩展服务器来说,电力超额订阅不可避免地会给数据中心的备用能源造成负担,因此留给处理紧急情况的空间非常小。此外,分布式储能架构的部署趋势使得每个机架的关联能量备份减少,使服务器容易受到电源异常的影响。因此,攻击者可以产生功率峰值,从而很容易地使功率受限的系统崩溃或中断。这项研究旨在保护数据中心免受恶意负载的侵害,这些恶意负载试图耗尽其宝贵的能量存储,并在没有事先检测的情况下使服务器机架过载。本文将这种负载称为Power Virus (PV),给出了其两阶段攻击的基本模型,并对其在实际系统上的行为进行了表征。PV可以通过伪装成良性负载来学习受害者机架的电池特性。一旦获得足够的信息,PV就可以发生突变,产生隐藏的功率峰值,这很有可能使系统过载。为了防御PV,我们提出了power attack defense (PAD),这是一种基于轻量级软硬件机制的新型能源管理补丁。PAD不仅通过隐藏脆弱的机架以躲避可见的尖峰而大大增加了攻击成本,而且还加强了对隐藏尖峰的最后一道防线。通过使用Google集群跟踪,我们发现PAD可以有效地提高成功的功率攻击的标准:与现有技术相比,它将数据中心的生存时间提高了1.6~11X,并提供了更好的性能保证。它使现代数据中心能够安全地利用电力超额订阅可能提供的好处,而成本开销最小。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信