Pacer: Efficient I/O Side-Channel Mitigation in the Cloud
An important concern for many Cloud customers is data confidentiality. Of particular concern are potential data leaks via side channels, which arise when mutually untrusted parties contend on resources such as CPUs, caches, and networks. In this talk, I will show how shared network links can be leveraged as a side channel to learn a tenant’s secrets. I will describe the tradeoffs involved in designing a practical solution for mitigating these side channels. Then I will describe our solution, Pacer, which aims to be both secure and efficient. Pacer ensures security by shaping the outgoing traffic of a tenant to make it independent of the tenant’s secrets. At the same time, Pacer permits traffic variations that reveal only public (non-secret) aspects of the tenants’ workload, thus enabling efficient sharing of network resources. Our preliminary experiments show that Pacer allows content servers to protect private aspects of their workload with practical overhead on bandwidth and latency.
I am a fifth-year PhD student at the Max Planck Institute for Software Systems (MPI-SWS) and University of Saarland (UdS). I am part of the Distributed Systems Group and the Security & Privacy Group. I am co-advised by Prof. Dr. Peter Druschel and Deepak Garg. I am interested in building distributed systems with security properties. I have been working on enabling policy compliance in various data processing systems. Currently, I am working on mitigating side channels in cloud environments.
Wed 18 Jul (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
14:00 - 15:30
Peering behind the Turing Mirror
Hardware and Software Mitigations: Chandler Carruth (Google)
Pacer: Efficient I/O Side-Channel Mitigation in the Cloud: Aastha Mehta (MPI-SWS)