Mitigating Side-Channel Leaks in Next-Generation Cloud Systems

减少下一代云系统中的侧通道泄漏

• 批准号: RGPIN-2021-02961
• 负责人: Mehta, Aastha
• 金额: $ 2.11万
• 依托单位: University of British Columbia
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2021
• 资助国家: 加拿大
• 起止时间: 2021-01-01 至 2022-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=742302
• 关键词: Mitigating; Side; Channel; Leaks; Next

Background, literature, and recent progress Online services, such as social media, education, financial, healthcare, and e-commerce services, are increasingly hosted in public clouds. However, a growing concern among the service providers is that their sensitive data hosted in the cloud (e.g., cryptographic keys, ML algorithms, medical and financial records) can be revealed to adversaries via side channels. Side channels arise in shared physical resources (e.g., CPUs, memory, caches, network). Upcoming trends in cloud, serverless computing and hardware disaggregation, further increase fine-grained resource sharing among applications of untrusting tenants, leading to more side-channel leaks. Side-channel leaks can be broadly categorized into three classes: (i) leaks via network, (ii) leaks via access patterns of server resources, such as memory or caches, and (iii) leaks due to speculative execution in CPUs. Existing mitigation solutions for side-channel leaks either do not eliminate all leaks or are too inefficient for cloud workloads, and apply to only a limited class of applications. My recent work provides foundations for eliminating side-channel leaks via network and memory access patterns by design however, challenges to scale and generalize the solutions remain. Objective, Methodology and HQP My goal is to build secure, efficient, and general-purpose solutions to mitigate all classes of side-channel leaks by design in the next-generation cloud systems, specifically in the context of emerging trends of serverless computing and hardware disaggregation. For each class of leaks, I will first build tools to identify correlations between the application secrets and the side-channel observations and compute strategies to break the correlations. Next, I will build sound and complete mitigation systems that implement the strategies, and will empirically evaluate their security properties and performance characteristics. Over the five-year term of this Discovery Grant, I will train 2 PhD, 3 MSc, and 5 undergraduate students. These HQP will receive training in systems and security research, and in various technologies in operating systems, networking, programming languages and compiler tools, and CPU architecture. They will be able to provide valuable expertise on handling data privacy challenges in the Canadian software industry. Impact The proposed research will develop principles, methods, and tools to mitigate side-channel leaks by design, while still allowing efficient resource sharing in the next-generation cloud systems. The tools will enable cloud providers to offer a trustworthy environment for their tenants, while tenants will be able to guarantee stronger privacy for the sensitive user data they process. Furthermore, the research will provide principles for designing side-channel mitigation systems for other resource-sharing environments, such as mobile and IoT devices.

背景、文献和最新进展社交媒体、教育、金融、医疗保健和电子商务服务等在线服务越来越多地托管在公共云中。然而，服务提供商越来越担心的是，他们在云中托管的敏感数据（例如，加密密钥、ML算法、医疗和财务记录）可以通过侧信道泄露给对手。边信道出现在共享物理资源（例如，CPU、内存、缓存、网络）。云、无服务器计算和硬件分解的未来趋势进一步增加了不信任租户的应用程序之间的细粒度资源共享，导致更多的侧通道泄漏。侧通道泄漏可以大致分为三类：（i）经由网络的泄漏，（ii）经由服务器资源（诸如存储器或高速缓存）的访问模式的泄漏，以及（iii）由于CPU中的推测性执行而导致的泄漏。现有的侧通道泄漏缓解解决方案要么无法消除所有泄漏，要么对于云工作负载来说效率太低，并且仅适用于有限一类应用程序。我最近的工作为通过网络和内存访问模式通过设计消除侧通道泄漏提供了基础，但是，扩展和推广解决方案的挑战仍然存在。目标、方法和HQP我的目标是构建安全、高效和通用的解决方案，通过在下一代云系统中的设计来减轻所有类型的侧通道泄漏，特别是在无服务器计算和硬件分解的新兴趋势的背景下。对于每一类泄漏，我将首先构建工具来识别应用程序秘密和侧通道观察之间的相关性，并计算打破相关性的策略。接下来，我将建立健全和完整的缓解系统，实施战略，并将经验评估其安全属性和性能特征。在这个发现基金的五年任期内，我将培养2名博士，3名硕士和5名本科生。这些HQP将接受系统和安全研究以及操作系统、网络、编程语言和编译工具以及CPU架构等各种技术的培训。他们将能够为加拿大软件行业处理数据隐私挑战提供宝贵的专业知识。拟议的研究将开发原则、方法和工具，以通过设计来减轻侧通道泄漏，同时仍然允许在下一代云系统中进行有效的资源共享。这些工具将使云提供商能够为其租户提供值得信赖的环境，而租户将能够保证他们处理的敏感用户数据具有更强的隐私性。此外，该研究还将为其他资源共享环境（如移动的和物联网设备）设计侧信道缓解系统提供原则。