Chongzhou Fang, Najmeh Nazari, Behnam Omidi, Han Wang, Aditya Puri, Manish Arora, S. Rafatirad, H. Homayoun, Khaled N. Khasawneh
{"title":"异构评分:评估和缓解异构带来的云安全威胁","authors":"Chongzhou Fang, Najmeh Nazari, Behnam Omidi, Han Wang, Aditya Puri, Manish Arora, S. Rafatirad, H. Homayoun, Khaled N. Khasawneh","doi":"10.14722/ndss.2023.24996","DOIUrl":null,"url":null,"abstract":"—Cloud computing has emerged as a critical part of commercial computing infrastructure due to its computing power, data storage capabilities, scalability, software/API integration, and convenient billing features. At the early stage of cloud computing, the majority of clouds are homogeneous, i.e., most ma- chines are identical. It has been proven that heterogeneity in the cloud, where a variety of machine configurations exist, provides higher performance and power efficiency for applications. This is because heterogeneity enables applications to run in more suitable hardware/software environments. In recent years, the adoption of heterogeneous cloud has increased with the integration of a variety of hardware into cloud systems to serve the requirements of increasingly diversified user applications. At the same time, the emergence of security threats, such as micro-architectural attacks, is becoming a more critical problem for cloud users and providers. It has been demonstrated (e.g., Repttack and Cloak & Co-locate) that the prerequisite of micro-architectural attacks, the co-location of attack and victim instances, is easier to achieve in the heterogeneous cloud. This also means that the ease of attack is not just related to the heterogeneity of the cloud but increases with the degree of heterogeneity. However, there is a lack of numerical metrics to define, quantify or compare the heterogeneity of one cloud environment with another. In this paper, we propose a novel metric called Heterogeneity Score (HeteroScore), which quantitatively evaluates the heterogeneity of a cluster. We demonstrate that HeteroScore is closely connected to security against co-location attacks. Furthermore, we propose mitigation techniques to trade- off heterogeneity offered with security. We believe this is the first quantitative study that evaluates cloud heterogeneity and links heterogeneity to infrastructure security.","PeriodicalId":199733,"journal":{"name":"Proceedings 2023 Network and Distributed System Security Symposium","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"HeteroScore: Evaluating and Mitigating Cloud Security Threats Brought by Heterogeneity\",\"authors\":\"Chongzhou Fang, Najmeh Nazari, Behnam Omidi, Han Wang, Aditya Puri, Manish Arora, S. Rafatirad, H. Homayoun, Khaled N. Khasawneh\",\"doi\":\"10.14722/ndss.2023.24996\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"—Cloud computing has emerged as a critical part of commercial computing infrastructure due to its computing power, data storage capabilities, scalability, software/API integration, and convenient billing features. At the early stage of cloud computing, the majority of clouds are homogeneous, i.e., most ma- chines are identical. It has been proven that heterogeneity in the cloud, where a variety of machine configurations exist, provides higher performance and power efficiency for applications. This is because heterogeneity enables applications to run in more suitable hardware/software environments. In recent years, the adoption of heterogeneous cloud has increased with the integration of a variety of hardware into cloud systems to serve the requirements of increasingly diversified user applications. At the same time, the emergence of security threats, such as micro-architectural attacks, is becoming a more critical problem for cloud users and providers. It has been demonstrated (e.g., Repttack and Cloak & Co-locate) that the prerequisite of micro-architectural attacks, the co-location of attack and victim instances, is easier to achieve in the heterogeneous cloud. This also means that the ease of attack is not just related to the heterogeneity of the cloud but increases with the degree of heterogeneity. However, there is a lack of numerical metrics to define, quantify or compare the heterogeneity of one cloud environment with another. In this paper, we propose a novel metric called Heterogeneity Score (HeteroScore), which quantitatively evaluates the heterogeneity of a cluster. We demonstrate that HeteroScore is closely connected to security against co-location attacks. Furthermore, we propose mitigation techniques to trade- off heterogeneity offered with security. We believe this is the first quantitative study that evaluates cloud heterogeneity and links heterogeneity to infrastructure security.\",\"PeriodicalId\":199733,\"journal\":{\"name\":\"Proceedings 2023 Network and Distributed System Security Symposium\",\"volume\":\"22 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings 2023 Network and Distributed System Security Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.14722/ndss.2023.24996\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2023 Network and Distributed System Security Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/ndss.2023.24996","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
HeteroScore: Evaluating and Mitigating Cloud Security Threats Brought by Heterogeneity
—Cloud computing has emerged as a critical part of commercial computing infrastructure due to its computing power, data storage capabilities, scalability, software/API integration, and convenient billing features. At the early stage of cloud computing, the majority of clouds are homogeneous, i.e., most ma- chines are identical. It has been proven that heterogeneity in the cloud, where a variety of machine configurations exist, provides higher performance and power efficiency for applications. This is because heterogeneity enables applications to run in more suitable hardware/software environments. In recent years, the adoption of heterogeneous cloud has increased with the integration of a variety of hardware into cloud systems to serve the requirements of increasingly diversified user applications. At the same time, the emergence of security threats, such as micro-architectural attacks, is becoming a more critical problem for cloud users and providers. It has been demonstrated (e.g., Repttack and Cloak & Co-locate) that the prerequisite of micro-architectural attacks, the co-location of attack and victim instances, is easier to achieve in the heterogeneous cloud. This also means that the ease of attack is not just related to the heterogeneity of the cloud but increases with the degree of heterogeneity. However, there is a lack of numerical metrics to define, quantify or compare the heterogeneity of one cloud environment with another. In this paper, we propose a novel metric called Heterogeneity Score (HeteroScore), which quantitatively evaluates the heterogeneity of a cluster. We demonstrate that HeteroScore is closely connected to security against co-location attacks. Furthermore, we propose mitigation techniques to trade- off heterogeneity offered with security. We believe this is the first quantitative study that evaluates cloud heterogeneity and links heterogeneity to infrastructure security.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
