Introduction to OpenStack · 2017. 11. 21. · VM vs BM and Risk management •You should consider...
Security Cloud
Tewfiq El Maliki, HES-SO
VM vs BM and Risk management
• You should consider a VM cloud for highly dynamic workloads
• Applications that spin up and down rapidly
• If the application is sensitive to performance, bare metal can be unbeatable
• Resources dedicated to a single customer
• Greater processing power and input/output operations per second (IOPS)
• More consistent disk and network I/O performance
• Quality of Service (QoS) that guarantees elimination of the noisy neighbor problem in a multitenant environment.
• Risk management is a must in the Cloud environment
2
Memory sharing
3
• Shared memory
• Inter-CPU
• Inter-VM
Memory sharing
• Mechanism to optimize the overall memory of the system
• Shared text segments
• Shared libs
• Memory de-duplication
• Considered safe and equivalent to no sharing
4
Memory sharing : L3 Cache
• Memory is slower than the processor
• The cache utilizes locality to bridge the gap
• Divides memory into lines
• Stores recently used lines
• Shared caches improve performance for multi-core processors
5
Common Intel CPU
[Figure: four cores (Core 0 to Core 3), each with its own L1 cache and L2 cache, above one shared L3 cache and the memory]
Cache coherence
• Memory and cache can be in inconsistent states
• Rare, but possible
• Solution: Flushing the cache contents
• Ensures that the next load is served from the memory
6
Side Channel Attacks
7
• Using electromagnetic radiation (emission of waves, analysis of a thermal image, light emitted by a screen)
• Power consumption
• Acoustic wave analysis
[Figure: parties A and B, the channel between them, and the attacker]
Side Channel Attacks
8
[Figure: power trace with the bits 0 and 1 marked. From https://commons.wikimedia.org/w/index.php?curid=9762288]
• Measurements of power
• RSA: b^e mod N (N = p*q); if the bit is 1, the processing is longer
Attack strategy : Flush and reload
• Forcing a bit of code in the victim process out of the L3 cache,
• Waiting a bit, then
• measuring the time it takes to access the code.
• If the victim process executes the code while the spy process is waiting,
• it will be put back into the cache, and the spy process's access to the code will be fast.
• If the victim process doesn't execute the code,
• it will stay out of the cache, and the spy process's access will be slow.
• So, by measuring the access time, the spy can tell whether or not the
victim executed the code during the wait interval.
9
RSA
• RSA is a public key cryptographic scheme
• The main operation is modular exponentiation, i.e. calculating b^e mod n
• The exponent e used for decryption and for signing is secret
10
RSA Example of simple Exp
3^20 mod 23 = ? (b^e mod 23)

i                                   4   3   2   1   0
e_i                                 1   0   1   0   0
c  (c = 2c; if e_i = 1, c = c+1)    1   2   5  10  20
x  (x = x^2; if e_i = 1, x = x*b)   3   9  13   8  18

• Scans the exponent from the MSB to the LSB
• For clear bits does Square-Reduce
• For set bits does Square-Reduce, then Multiply-Reduce
11
Time measurements of probes
12
Implementation of the attack
• It shows that it is not safe to use GnuPG on multi-user systems.
However, it is not limited to GnuPG.
• Compression: Learn partial or complete contents of the file(s) being
compressed/decompressed.
• SSH: Extract the secret keys used for public-key authentication when a
user connects to an SSH server.
• SSL: In a shared-hosting environment, get other users' private keys. Or,
worse, get the hosting provider's private key.
• Observe the main() function of common binaries like 'ls', 'cat', 'cd', to get
a rough idea of what another user is typing into their terminal.
• Code that runs when the mouse is moved, clicked, or hovered.
13
Loss of bits during attack
14
Mitigation
• It is hard to limit the extent of sharing. E.g. “read-only” is more than read only.
• Use constant-time implementations of cryptographic primitives.
• Apply the principle of least privilege
• Definition of what it means for a system's user isolation to be secure.
The property is called "Perfect Isolation" and is similar to the definition
of perfect secrecy from cryptography:
• Perfect Isolation: Suppose Alice and Bob are users of a system. Give Alice a
random bit. Have Alice try to tell Bob the bit. Have Bob try to receive the bit. The
system has Perfect Isolation if Bob cannot guess the bit with greater than 1/2
probability.
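Added example (not from the slides): a Python model of the slide's square-and-multiply that records which routine runs for each exponent bit, the sequence a Flush+Reload probe on those routines exposes, next to a Montgomery ladder whose routine sequence is the same for every exponent of a given length. The function names are illustrative, and Python's big-integer arithmetic is not itself constant-time, so the ladder demonstrates the control-flow property only.

```python
# Added illustration: models which routine runs per exponent bit.
# It measures no cache state or timing. S = Square-Reduce, M = Multiply-Reduce.

def square_and_multiply(b, e, n):
    """Slide algorithm: scan e from MSB to LSB; Square-Reduce always,
    Multiply-Reduce only for set bits. Returns (b^e mod n, routine trace)."""
    x, trace = 1, []
    for bit in bin(e)[2:]:
        x = (x * x) % n
        trace.append("S")
        if bit == "1":                  # secret-dependent branch: the leak
            x = (x * b) % n
            trace.append("M")
    return x, "".join(trace)

def bits_from_trace(trace):
    """Exponent bits implied by the routine sequence:
    'SM' is a set bit, a lone 'S' is a clear bit."""
    return trace.replace("SM", "1").replace("S", "0")

def cswap(a, b, bit):
    """Swap a and b when bit is 1 using a mask, with no branch on the bit."""
    t = (a ^ b) & -bit
    return a ^ t, b ^ t

def montgomery_ladder(b, e, n):
    """One Multiply-Reduce and one Square-Reduce for every bit, set or clear.
    Returns (b^e mod n, routine trace)."""
    r0, r1, trace = 1 % n, b % n, []
    for bit in bin(e)[2:]:
        k = int(bit)
        r0, r1 = cswap(r0, r1, k)       # select operands without branching
        r1 = (r0 * r1) % n
        r0 = (r0 * r0) % n
        r0, r1 = cswap(r0, r1, k)
        trace.append("MS")
    return r0, "".join(trace)

if __name__ == "__main__":
    # Values from the slide: 3^20 mod 23, exponent bits 10100.
    result, trace = square_and_multiply(3, 20, 23)
    print(result, trace, bits_from_trace(trace))
    for e in (20, 16, 31):              # three 5-bit exponents
        print(e, square_and_multiply(3, e, 23)[1], montgomery_ladder(3, e, 23)[1])
```

For the three 5-bit exponents the square-and-multiply traces differ, while the ladder trace is the same each time.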
15
RowHammer attack
16
Rowhammer Attacks
• How DRAM memory functions
• Contains programs and data
• Dynamic Random Access Memory
• Refreshed every ~60 ms
17
Programs repartition
18
Memory : How does it work?
19
Memory : How does it work?
20
Memory : Leakage
21
• If we repeatedly access the same memory, we can leak bits in adjacent memory
• Bits may flip
Memory : Leakage
22
• The capacitors are influenced by adjacent changing states
[Figure label: permission bit flipped]
DRAM ?
23
• Capacitors and transistors
• Electromagnetic coupling between rows
• Memory scan for useful bit flips
• Uncached memory access
• clflush
24
[Figure: grid of memory bits with axes X and Y, all set to 1 except a few cells that read 0]
Is it deterministic?
• Is it random or deterministic?
• What is the probability that a bit-flip error appears?
• What is the error rate?
25
Why DRAM leakage
26
• But new DRAM4 are protected
How often is the refresh?
27
Solutions
• Sophisticated ECC-DRAM (drawback: cost and energy)
• Refresh frequently (drawback: power, performance)
• Make better DRAM chips (drawback: cost)
28
Memory deduplication
• Method used to reduce memory usage
• Overcome memory demands and run more VMs
29
[Figure: memory pages of a victim VM and an attacker VM on a virtualization host and in physical memory, drawn as rows of 1 bits, with flipped bits shown as 111011 and 111001]
Example of Attacks : Flip Feng Shui
• OpenSSH : target : ~/.ssh/authorized_keys
• Flip a bit, reconstruct the private key and log on again
30
Rowhammer attack
Attacks : How does it work?
31
• The capacitors are influenced by adjacent changing states