Collaborative Research: SaTC: CORE: Medium: Targeted Microarchitectural Attacks and Defenses in Cloud Infrastructure

协作研究：SaTC：核心：中：云基础设施中的有针对性的微架构攻击和防御

• 批准号: 2155029
• 负责人: Houman Homayoun
• 金额: $ 60万
• 依托单位: University of California-Davis
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-07-01 至 2026-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2155029&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

Cloud computing paradigms have emerged as a major facility to store and process the massive amount of data produced by various business units, public organizations, Internet-of-Things, and cyber-physical systems. The cloud scheduler is the component responsible for deciding on which computer a cloud application should run. The current design of cloud schedulers only focuses on meeting the performance requirements of submitted applications without security considerations. The project’s novelties are: (1) understanding the security threats introduced to the cloud due to the current design of cloud schedulers and (2) designing next generation of cloud schedulers and cloud infrastructure that are both secure and meet applications’ performance requirements. The project's broader significance and importance are: (1) identifying serious security vulnerabilities in clouds that threaten the security, privacy, and availability properties of the cloud, (2) developing both software and hardware solutions to mitigate the security threats in the cloud, (3) sharing all software work products from the project with the public, (4) developing new educational material on cloud security and integrating it into classes, (5) providing research opportunities for underrepresented students. This project is performing a comprehensive threat analysis of cloud schedulers, while also investigating defenses to harden clouds against micro-architectural attacks, i.e., attacks that exploit shared resources. Specifically, the project is exploring how cloud schedulers can be exploited by attackers to facilitate targeted micro-architectural attacks in cloud environments. Moreover, the project is exploring two novel approaches to defend against targeted micro-architectural attacks in the cloud, which are: (1) software-based defense-in-depth approach by combining entropy-reduction techniques with attacks detection techniques, and (2) developing fine-grain schedulers that are capable of provisioning cloud infrastructure not only at the architectural level but also at the micro-architectural level in a principled way to eliminate the root cause of micro-architectural attacks.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

云计算范式已经成为存储和处理由各种业务单元、公共组织、物联网和网络物理系统产生的大量数据的主要设施。云调度程序是负责决定云应用程序应该在哪台计算机上运行的组件。目前的云计算服务器设计只关注于满足提交应用程序的性能要求，而没有考虑安全问题。该项目的创新之处是：（1）了解由于当前的云计算架构设计而引入云计算的安全威胁，以及（2）设计既安全又满足应用程序性能要求的下一代云计算架构和云基础设施。该项目更广泛的意义和重要性是：（1）识别云中威胁云的安全、隐私和可用性属性的严重安全漏洞，（2）开发软件和硬件解决方案以减轻云中的安全威胁，（3）与公众共享项目的所有软件工作产品，（4）开发有关云安全的新教材并将其融入课堂，（5）为代表性不足的学生提供研究机会。该项目正在对云服务器进行全面的威胁分析，同时还调查防御措施，以加强云对微架构攻击的防御，即，利用共享资源的攻击。具体来说，该项目正在探索攻击者如何利用云计算服务器来促进云环境中有针对性的微架构攻击。此外，该项目正在探索两种新颖的方法来防御云中有针对性的微架构攻击，这两种方法是：（1）结合熵减少技术和攻击检测技术的基于软件的深度防御方法，以及（2）开发细粒度的云计算服务器，这些服务器不仅能够在体系结构级别，而且能够在微该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。