A study of covert queueing channels in shared schedulers

We study covert queueing channels (CQCs), which are a kind of covert timing channel that may be exploited in shared queues across supposedly isolated users. In our system model, a user modulates messages to another user via his pattern of access to the shared resource. One example of such a channel is the cross-virtual network covert channel in data center networks resulting from the queueing effects of the shared resource. First, we study a system comprising a transmitter and a receiver that share a deterministic and work-conserving first-come-first-served scheduler, and we compute the maximum reliable data transmission rate, i.e., the capacity, of this channel. Next, we extend the model to include a third user who also uses the shared resource and study the effect of the presence of this user on the information transmission rate. The solution approach presented in this extension may be applied to calculate the capacity of the covert queueing channel among any number of users. We also study a queueing covert channel between two users sharing a round robin scheduler. Such a covert channel can arise when users share a resource such as a computer processor or a router arbitrated by a round robin policy. We present an information-theoretic framework to model and derive the capacity of this channel for both noiseless and noisy scenarios. Our results show that seemingly isolated users can communicate at a high rate over the covert channel. Furthermore, we propose a practical finite-length code construction, which achieves the capacity limit

Characterizing and Mitigating Virtual Machine Interference in Public Clouds.

This dissertation studies the mitigation of the performance and security interference between guest virtual machines (VMs) in public clouds. The goals are to characterize the impact of VM interference, uncover the root cause of the negative impact, and design novel techniques to mitigate such impact. The central premise of this dissertation is that by identifying the shared resources that cause the VM interference and by exploiting the properties of the workloads that share these resources with adapted scheduling policies, public cloud services can reduce conflicts of resource usage between guests and hence mitigate their interference. Current techniques for conflict reduction and interference mitigation overlook the virtualization semantic gap between the cloud host infrastructure and guest virtual ma- chines and the unique challenges posed by the multi-tenancy service model necessary to support public cloud services. This dissertation deals with both performance and security interference problems. It characterizes the impact of VM interference on inter-VM network latency using live measurements in a real public cloud and studies the root cause of the negative impact with controlled experiments on a local testbed. Two methods of improving the inter-VM net- work latency are explored. The first approach is a guest-centric solution that exploits the properties of application workloads to avoid interference without any support from the underlying host infrastructure. The second approach is a host-centric solution that adapts the scheduling policies for the contented resources that cause the interference without guest cooperation. Similarly, the characteristics of cache-based cross-VM attacks are studied in detail using both live cloud measurements and testbed experiments. To mitigate this security interference, a partition-based VM scheduling system is designed to reduce the effectiveness of these cache-based attacks.PhDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/107111/1/yunjing_1.pd

A Novel Approach to the Behavioral Aspects of Cybersecurity

The Internet and cyberspace are inseparable aspects of everyone's life. Cyberspace is a concept that describes widespread, interconnected, and online digital technology. Cyberspace refers to the online world that is separate from everyday reality. Since the internet is a recent advance in human lives, there are many unknown and unpredictable aspects to it that sometimes can be catastrophic to users in financial aspects, high-tech industry, and healthcare. Cybersecurity failures are usually caused by human errors or their lack of knowledge. According to the International Business Machines Corporation (IBM) X-Force Threat Intelligence Index in 2020, around 8.5 billion records were compromised in 2019 due to failures of insiders, which is an increase of more than 200 percent compared to the compromised records in 2018. In another survey performed by the Ernst and Young Global Information Security during 2018-2019, it is reported that 34% of the organizations stated that employees who are inattentive or do not have the necessary knowledge are the principal vulnerabilities of cybersecurity, and 22% of the organizations indicated that phishing is the main threat to them. Inattentive users are one of the reasons for data breaches and cyberattacks. The National Cyber Security Centre (NCSC) in the United Kingdom observed that 23.2 million users who were victims of cybersecurity attacks used a carelessly selected password, which is 123456, as their account password. The Annual Cybersecurity Report published by Cisco in 2018 announced that phishing and spear phishing emails are the root causes of many cybersecurity attacks in recent years. Hence, enhancing the cybersecurity behaviors of both personal users and organizations can protect vulnerable users from cyber threats. Both human factors and technological aspects of cybersecurity should be addressed in organizations for a safer environment

Capabilities for cross-layer micro-service security

Shared infrastructure computing has become ubiquitous; from the smallest start-up deploying on a multi-tenant cloud to the largest corporations whose separate branches all deploy to a shared private cloud. In both cases, the security challenges are similar and are unique from the legacy model of deploying monolithic applications on dedicated hardware. In the case of a multi-tenant cloud deployment, attacks can stem from other tenants who are not part of the same security domain, be that a different security-level within a single organization, or distinct organizations on a public cloud. In addition to nearly ubiquitous adoption of shared infrastructure, the rise of so called “micro-services” poses a set of unique challenges and advantages to security. The micro-service moniker stems from the idea of a Service Oriented Architecture (SOA) with a focus on having a small code base for each component of an application. The SOA approach is complimented by the DevOps movement in which software development practices are being applied to operations. These development and deployment techniques are here to stay as they enable more thorough testing, reliable deployment, and calability that previous software architectures only supported with extensive rewriting. In this dissertation, we focus on providing security to this new paradigm of computing. These trends force us to face security challenges unique to cloud computing such as passive cache-based side-channel attacks. In addition to new challenges, this new paradigm also affords us better tools and services due to the well-defined behavior of micro-services. Here, we focus on mitigating security risks by leveraging the Principle of Least Privilege (PoLP) at every layer of the stack: the interface between the operating system and the hardware, the system call interface, and within individual applications. We implement the PoLP through layer specific capabilities by mapping the security challenges present in cloud computing to a Take-Grant relational model between subjects. We conceptually extend the notion of “subject” to include subjects at every layer of the cloud stack. Additionally, we explore adding more trust guarantees to subject relationship monitoring. Finally, we explore fine grained memory operations within a micro-service that can impact a micro-service’s relationships with other subjects in the system