A software approach to defeating side channels in last-level caches

We present a software approach to mitigate access-driven side-channel attacks that leverage last-level caches (LLCs) shared across cores to leak information between security domains (e.g., tenants in a cloud). Our approach dynamically manages physical memory pages shared between security domains to disable sharing of LLC lines, thus preventing "Flush-Reload" side channels via LLCs. It also manages cacheability of memory pages to thwart cross-tenant "Prime-Probe" attacks in LLCs. We have implemented our approach as a memory management subsystem called CacheBar within the Linux kernel to intervene on such side channels across container boundaries, as containers are a common method for enforcing tenant isolation in Platform-as-a-Service (PaaS) clouds. Through formal verification, principled analysis, and empirical evaluation, we show that CacheBar achieves strong security with small performance overheads for PaaS workloads

Migration of an On-Premise Single-Tenant Enterprise Application to the Azure Cloud: The Multi-Tenancy Case Study

Kokkuvõte Pilvearvutuse edu muudab radikaalselt tavasid kuidas edaspidi infotehnoloogia teenuseid arendatakse, juurutatakse ja hallatakse. Sellest tulenevalt on sõnakõlks „pilve migratsioon“ vägagi aktuaalne paljudes ettevõtetes. Tänu sellele tehnoloogiale on paljud suured ja väikesed ettevõtted huvitatud enda tarkvara, andmebaasi süsteemide ja infrastruktuuri üleviimisest pilve keskkonda. Olemasolevate süsteemide migreerimine pilve võib vähendada kulutusi, mis on seotud vajamineva riistvara, tarkvara paigaldamise ning litsentseerimisega ja samuti selle kõige haldamiseks vajaminevate inimeste palkamisega. Rakenduse ja selle andmete hoidmine pilves, mis teenindab mitmeid üürnike (ik. tenants) võib osutuda kalliks kui ei kasutada jagatud lähenemist üürnike vahel. Sellest tulenevalt on teadlikult disainitud rakenduse ning andme arhitektuur äärmiselt oluline organisatsioonile, mis kasutab mitme-üürniku (ik. multi-tenant) lähenemist. Käesolevas magistritöös kirjeldatakse juhtumiuuringut (ik. case study) ning saadud kogemusi eraldiseiseva majasiseselt paigaldatava rakenduse migreerimisel Azure pilve keskkonda. Töö kirjeldab juristidele mõeldud tootlikkuse mõõtmise tarkvara andmekihi migreerimist Azure pilvekeskkonda. Majasisese ühe tarbijaga tarkvara andmekihi üleviimine efektiivsele mitme-üürniku andmekandja süsteemi pilve keskkonnas nõuab lisaks ka kõrgetasemelise autentimis-mehhanismi disainimist ning realiseerimist. Töö põhirõhk on turvalise skaleeruva ning mitme-üürniku efektiivse andmekandja süsteemi arhitektuuri disainimine ning realiseerimine pilve-keskkonda. Projektis kasutatakse SQL Database’i (endine SQL Azure) poolt pakutavat sisse ehitatud võimekust (SQL Federations) selleks, et tagada turvaline andmete eraldatus erinevate üürnike vahel ja andmebaasi skaleeruvus. Tarkvara andmekihi migreerimine pilve keskkonda toob kaasa kulude vähenemis, mis on seotud tarkvara tarnimisega, paigaldamise ning haldamisega. Lisaks aitab see ettevõttel laieneda uutele turgudele, mis enne migreerimist oli takistatud kohapeal teostava tarkvara paigaldamisega. Tänu pilves olevale andmekihile nõuab uuele kliendile süsteemi paigaldamine väga väikest kulutust.The success of cloud computing is changing the way how information technology services are developed, deployed, maintained and scaled. This makes the ‘migration to the cloud’ a buzzword in the industry for most of the enterprises today. Observing so many advantages of this phenomenon technology, enterprises from small to large scales are interested in migrating their software applications, database systems or infrastructures to cloud scale solutions. Migrating existing systems to a cloud scale solution can reduce the expenses related to costs of the necessary hardware for servers, installation of the operating system environment, license costs of the operating system and database products, deployment of the database products and hiring professional staff for keeping the system up and running. However, storing the application data to a back-end that serves multiple tenants on the cloud will be also costly if the resources on the cloud platform are not shared fairly among tenants. Thus, a carefully designed multi-tenant architecture is essential for an organization that serves multiple tenants. In this master thesis, we will describe a case study and lessons learned on the migration of an enterprise application from an on-premise deployment backend to the Azure Cloud. More specifically, the thesis describes the migration of a productivity tool specialized for legal professionals to a multi-tenant data storage back-ends on Azure Cloud. Moving an on-premise, single-tenant software backend to a multi-tenant data storage system on the cloud will also require design and implementation of authentication mechanisms. The core focus of the work consists of the design and implementation of a secure, scalable and multi-tenant efficient data storage system and application architecture on the cloud. SQL Database (formerly SQL Azure) offers native features (SQL Federations) for the secure isolation of the data among tenants and database scalability which has been used inside the project. Furthermore, the basic application authentication mechanism is enhanced with identity providers such as Google Account and Windows Live ID by embedding native functionality of Windows Azure called Azure Access Control Service to the login mechanism. Migration of the software backend to a cloud scale solution is expected to reduce the costs related to delivery, deployment, maintenance and operation of the software for the business. Furthermore, it will help the business to target new markets since it is a cloud based solution and requires very little initial effort to deliver the software to the new customers

Spectre and Cloud : An evaluation of threats in shared computation environments

The processor flaws used in the Spectre and Meltdown attacks have had uncharacteristically large media impact, even gaining coverage in main-stream media. This is despite the fact that this type of exploit has not been used in any real world attacks and is unlikely to target consumers, as simpler attack vectors still remain highly effective. However, because Spectre affects any processor which uses speculative execution, with little hope for a "silver bullet" in the near future, Spectre seems to be here to stay. While Spectre might not be very relevant to the consumer market, it is quite relevant where safety is usually paramount: the cloud. It promises cost reduction and safety through offloading maintenance and updating tasks to gigantic providers like Amazon’s AWS. But how secure can the most up-to-date platform be, if the used hardware is inherently flawed to the core? This paper provides a high level explanation of the Spectre attack, shows potential Spectre attack vectors in a shared cloud environment and discusses some defensive measures

Implementing Azure Active Directory Integration with an Existing Cloud Service

Training Simulator (TraSim) is an online, web-based platform for holding crisis management exercises. It simulates epidemics and other exceptional situations to test the functionality of an organization’s operating instructions in the hour of need. The main objective of this thesis is to further develop the service by delegating its existing authentication and user provisioning mechanisms to a centralized, cloud-based Identity and Access Management (IAM) service. Making use of a centralized access control service is widely known as a Single Sign-On (SSO) implementation which comes with multiple benefits such as increased security, reduced administrative overhead and improved user experience. The objective originates from a customer organization’s request to enable SSO for TraSim. The research mainly focuses on implementing SSO by integrating TraSim with Azure Active Directory (AD) from a wide range of IAM services since it is considered as an industry standard and already utilized by the customer. Anyhow, the complexity of the integration is kept as reduced as possible to retain compatibility with other services besides Azure AD. While the integration is a unique operation with an endless amount of software stacks that a service can build on and multiple IAM services to choose from, this thesis aims to provide a general guideline of how to approach a resembling assignment. Conducting the study required extensive search and evaluation of the available literature about terms such as IAM, client-server communication, SSO, cloud services and AD. The literature review is combined with an introduction to the basic technologies that TraSim is built with to justify the choice of OpenID Connect as the authentication protocol and why it was implemented using the mozilla-django-oidc library. The literature consists of multiple online articles, publications and the official documentation of the utilized technologies. The research uses a constructive approach as it focuses into developing and testing a new feature that is merged into the source code of an already existing piece of software

Cauldron: a framework to defend against cache-based side-channel attacks in clouds

Cache-based side-channel attacks have garnered much interest in recent literature. Such attacks are particularly relevant for cloud computing platforms due to high levels of multi-tenancy. In fact, there exists recent work that demonstrates such attacks on real cloud platforms (e.g., DotCloud). In this thesis we present Cauldron, a framework to defend against such cache-based side-channel attacks. Cauldron uses a combination of smart scheduling techniques and microarchitectural mechanisms to achieve this goal. We are able to demonstrate improved defenses against both cross-core side channel attacks that target shared caches as well as same-core attacks. Furthermore, Cauldron is transparent to the user - requiring no modi cation (or even recompilation) of users' application binaries by integrating directly with the popular container runtime framework, Docker. Preliminary evaluation results show that the proposed approach is effective for cloud computing applications