Resource-freeing attacks
- 16 October 2012
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12
- p. 281-292
- https://doi.org/10.1145/2382196.2382228
Abstract
Cloud computing promises great efficiencies by multiplexing resources among disparate customers. For example, Amazon's Elastic Compute Cloud (EC2), Microsoft Azure, Google's Compute Engine, and Rack-space Hosting all offer Infrastructure as a Service (IaaS) solutions that pack multiple customer virtual machines (VMs) onto the same physical server. The gained efficiencies have some cost: past work has shown that the performance of one customer's VM can suffer due to interference from another. In experiments on a local testbed, we found that the performance of a cache-sensitive benchmark can degrade by more than 80% because of interference from another VM. This interference incentivizes a new class of attacks, that we call resource-freeing attacks (RFAs). The goal is to modify the workload of a victim VM in a way that frees up resources for the attacker's VM. We explore in depth a particular example of an RFA. Counter-intuitively, by adding load to a co-resident victim, the attack speeds up a class of cache-bound workloads. In a controlled lab setting we show that this can improve performance of synthetic benchmarks by up to 60% over not running the attack. In the noisier setting of Amazon's EC2, we still show improvements of up to 13%.Keywords
This publication has 19 references indexed in Scilit:
- An exploration of L2 cache covert channels in virtualized environmentsPublished by Association for Computing Machinery (ACM) ,2011
- Runtime measurements in the cloudProceedings of the VLDB Endowment, 2010
- Hey, you, get off of my cloudPublished by Association for Computing Machinery (ACM) ,2009
- Comparison of the three CPU schedulers in XenACM SIGMETRICS Performance Evaluation Review, 2007
- Virtual private cachesACM SIGARCH Computer Architecture News, 2007
- SPEC CPU2006 benchmark descriptionsACM SIGARCH Computer Architecture News, 2006
- Xen and the art of virtualizationPublished by Association for Computing Machinery (ACM) ,2003
- Symbiotic jobscheduling with priorities for a simultaneous multithreading processorACM SIGMETRICS Performance Evaluation Review, 2002
- Performance isolationACM SIGPLAN Notices, 1998
- Page placement algorithms for large real-indexed cachesACM Transactions on Computer Systems, 1992