Collaborative Research: SaTC: CORE: Medium: Targeted Microarchitectural Attacks and Defenses in Cloud Infrastructure

Cloud computing paradigms have emerged as a major facility to store and process the massive amount of data produced by various business units, public organizations, Internet-of-Things, and cyber-physical systems. The cloud scheduler is the component responsible for deciding on which computer a cloud application should run. The current design of cloud schedulers only focuses on meeting the performance requirements of submitted applications without security considerations.

The project’s novelties are: (1) understanding the security threats introduced to the cloud due to the current design of cloud schedulers and (2) designing next generation of cloud schedulers and cloud infrastructure that are both secure and meet applications’ performance requirements. The project's broader significance and importance are: (1) identifying serious security vulnerabilities in clouds that threaten the security, privacy, and availability properties of the cloud, (2) developing both software and hardware solutions to mitigate the security threats in the cloud, (3) sharing all software work products from the project with the public, (4) developing new educational material on cloud security and integrating it into classes, (5) providing research opportunities for underrepresented students.

This project is performing a comprehensive threat analysis of cloud schedulers, while also investigating defenses to harden clouds against micro-architectural attacks, i.e., attacks that exploit shared resources. Specifically, the project is exploring how cloud schedulers can be exploited by attackers to facilitate targeted micro-architectural attacks in cloud environments.

Moreover, the project is exploring two novel approaches to defend against targeted micro-architectural attacks in the cloud, which are: (1) software-based defense-in-depth approach by combining entropy-reduction techniques with attacks detection techniques, and (2) developing fine-grain schedulers that are capable of provisioning cloud infrastructure not only at the architectural level but also at the micro-architectural level in a principled way to eliminate the root cause of micro-architectural attacks.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.