17 research outputs found

    InREC: In-network REal Number Computation

    The current generation of Reconfigurable Match-Action Table (RMT) switches is highly programmable, able to support stateful operations and pipeline specifications using languages like P4. Nevertheless, these switches do not offer primitives to support real-valued operations on the data plane, thus requiring support from external servers or middleboxes to perform advanced operations. We introduce InREC, a system that extends the capabilities of programmable switches to support in-network real-valued operations using the IEEE half-precision floating point representation. It relies on decomposing real-valued functions into lookup tables, taking into account the RMT model constraints to reach the right trade-off between accuracy and resource usage. Our InREC prototype on Barefoot Tofino switches demonstrates the efficiency of InREC for in-network computation of different types of operations and its application to in-network logistic regression models used for classification problems. Our evaluation of InREC shows that it is possible to implement complex in-network applications with high accuracy and low latency.

    NetREC: Network-wide in-network REal-value Computation

    The current generation of networks empowers the use of programmable switches whose behaviour can be defined using languages like P4. Nevertheless, these languages do not support network-wide deployment of stateful real-value functions. This paper presents NetREC, an extension of RMT programmable data planes designed to enable the computation of stateful real-value functions across multiple switches. NetREC first decomposes the real-value functions into a dependency graph of elementary operations that are distributed across the network. This distribution is carried out by dynamically generating and solving an integer linear program. We deploy a prototype of NetREC on a network of Tofino switches and demonstrate its capability of computing recursive real-value functions like the exponential weighted moving average.

    Understanding Disruptive Monitoring Capabilities of Programmable Networks

    The design shift proposed by OpenFlow, with its simple stateless dataplane, initially contributed to the success of Software-Defined Networks. Its lack of state, however, prevents the implementation of many dataplane algorithms. Network applications must therefore offload stateful operations to the control plane, thereby increasing latency and limiting network scalability. Thus, recent research efforts centered on the addition of stateful properties to switches. In this paper, we discuss the impact of emerging programmable dataplane abstractions on network monitoring. In particular, we investigate the need for dataplane states in the design of scalable monitoring applications. We argue that these abstractions are ill-suited for software switches as they retain hardware-specific limitations. Furthermore, we analyse the impact of stateful dataplane designs on the control plane visibility of the network. Finally, we identify opportunities for improvement in the design of stateful software switches.

    Leveraging in-network real-value computation for home network device recognition

    The current generation of switches is highly programmable and able to support stateful operations. However, these switches cannot perform floating point operations. As a result, several network applications have to be run on external servers or middleboxes in the network. We introduce InREC, a system that extends the capabilities of programmable switches to support in-network real-valued operations using the IEEE half-precision floating point representation. Our demo on a Barefoot Tofino switch demonstrates the efficiency of InREC for in-network computation by computing a logistic regression function to classify devices (IoT and laptop) in a simulated home environment.

    BMC: Accelerating Memcached using Safe In-kernel Caching and Pre-stack Processing

    In-memory key-value stores are critical components that help scale large internet services by providing low-latency access to popular data. Memcached, one of the most popular key-value stores, suffers from performance limitations inherent to the Linux networking stack and fails to achieve high performance when using high-speed network interfaces. While the Linux network stack can be bypassed using DPDK-based solutions, such approaches require a complete redesign of the software stack and induce high CPU utilization even when client load is low. To overcome these limitations, we present BMC, an in-kernel cache for Memcached that serves requests before the execution of the standard network stack. Requests to the BMC cache are treated as part of the NIC interrupts, which allows performance to scale with the number of cores serving the NIC queues. To ensure safety, BMC is implemented using eBPF. Despite the safety constraints of eBPF, we show that it is possible to implement a complex cache service. Because BMC runs on commodity hardware and requires modification of neither the Linux kernel nor the Memcached application, it can be widely deployed on existing systems. BMC optimizes the processing time of Facebook-like small-size requests. On this target workload, our evaluations show that BMC improves throughput by up to 18x compared to the vanilla Memcached application and up to 6x compared to an optimized version of Memcached that uses the SO_REUSEPORT socket flag. In addition, our results also show that BMC has negligible overhead and does not deteriorate throughput when treating non-target workloads.

    Offloading Security Services to the Cloud Infrastructure

    Cloud applications rely on a diverse set of security services, from application-layer rate-limiting to TCP SYN cookies and application firewalls. Some of these services are implemented at the infrastructure layer, on the host or in the NIC, to filter attacks closer to their source and free CPU cycles for the tenants’ applications. Most security services, however, remain difficult to implement at the infrastructure layer because they are closely tied to the applications they protect. In this paper, we propose to allow tenants to offload small filtering programs to the infrastructure. We design a mechanism to ensure fairness in resource consumption among tenants and show that, by carefully probing specific points of the infrastructure, all resource consumption can be accounted for. We prototype our solution over the new high-performance datapath of Linux. Our preliminary experiments show that an offload to the host’s CPU can bring a 4-6x performance improvement. In addition, fairness among tenants introduces an overhead of only 14% in the worst case and approximately 3% for realistic applications.

    Oko: Extending Open vSwitch with Stateful Filters

    With the Software-Defined Networking paradigm, software switches emerged as the new edge of datacenter networks. The widely adopted Open vSwitch implements the OpenFlow forwarding model; its simple match-action abstraction eases network management, while providing enough flexibility to define complex forwarding pipelines. OpenFlow, however, cannot express the many packet processing algorithms required for traffic measurement, network security, or congestion diagnosis, as it lacks a persistent state and basic arithmetic and logic operations. This paper presents Oko, an extension of Open vSwitch that enables runtime integration of stateful filtering and monitoring functionalities based on Berkeley Packet Filter (BPF) programs into the OpenFlow pipeline. BPF programs attached to OpenFlow rules act as intelligent filters over packets, while leaving the packets unmodified. This approach enables the transparent extension of Open vSwitch’s flow caching architecture, retaining its high-performance benefits. Furthermore, the use of BPF allows for safe runtime extension and prevention of switch failures due to faulty programs. We compare our implementation based on Open vSwitch-DPDK to existing approaches with comparable fault isolation properties and measure a near 2x improvement of performance.

    Security of dynamic resource management based on the resource consumption profiles of virtual machines in an IaaS cloud

    Hardware virtualisation is the core technology which enables resource sharing among multiple virtual machines possibly belonging to different tenants within cloud infrastructures. Resource sharing is the main feature that enables the cost effectiveness of cloud platforms, achieved through dynamic resource management. However, resource sharing brings several new security concerns. Several proofs of concept have demonstrated new attack strategies brought by the resource sharing paradigm, known as cross-virtual machine attacks. Even so, it has also been shown that the privileged position of the virtualisation layer can be leveraged to offer better security protection mechanisms than the ones offered in non-virtualized platforms. This thesis follows two main objectives. The first one is related to the domain of cloud-specific vulnerabilities. We have demonstrated a new attack, called the abusive virtual machine migration attack, in which an attacker can leverage the sharing of resources, through the manipulation of the amounts of resources consumed by virtual machines under his control, to abusively force the dynamic resource management system to trigger virtual machine migrations. We have demonstrated this attack on a virtualized platform composed of five physical machines; the necessary conditions for the attack to succeed and the vulnerability exposure of clusters to this kind of attack are also analyzed. The second main contribution of this thesis aims at leveraging the privileged position of the cloud provider, who has both a more reliable view of the resource utilisation and a more complete view of the virtual machine execution contexts compared to the limited view of cloud users, to provide better security. We propose AMAD (Abusive Virtual Machine Migration Attack Detection), a system designed for detecting an abusive use of dynamic virtual machine migration, in the case of the abusive virtual machine migration attack. AMAD identifies the virtual machines possibly at the origin of the attack by analyzing their resource consumption profiles, which show fluctuation and correlation in the usage of resources. We have implemented AMAD on top of our laboratory platform and evaluated it with the help of virtual machine resource consumption traces collected from real clouds. Our evaluation results show that AMAD identifies the attacking virtual machines with high detection accuracy.

    Resource consumption profile-based attack detection in IaaS clouds


    Mathematical Programming models for Cyber Attack Defense
