Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Dynamically provisioning isolation in hierarchical architectures

 
: Falzon, Kevin; Bodden, Eric

:

Lopez, J.:
Information security. 18th international conference, ISC 2015 : Trondheim, Norway, September 9-11, 2015; Proceedings
Cham: Springer International Publishing, 2015 (Lecture Notes in Computer Science 9290)
ISBN: 978-3-319-23317-8 (Print)
ISBN: 978-3-319-23318-5 (Online)
S.83-101
Information Security Conference (ISC) <18, 2015, Trondheim>
Englisch
Konferenzbeitrag
Fraunhofer SIT ()
side channels; covert channels; migration; isolation

Abstract
Physical isolation provides tenants in a cloud with strong security guarantees, yet dedicating entire machines to tenants would go against cloud computings tenet of consolidation. A fine-grained isolation model allowing tenants to request fractions of dedicated hardware can provide similar guarantees at a lower cost. In this work, we investigate the dynamic provisioning of isolation at various levels of a systems architecture, primarily at the core, cache, and machine level, as well as their virtualised equivalents. We evaluate recent technological developments, including post-copy VM migration and OS containers, and show how they assist in improving reconfiguration times and utilisation. We incorporate these concepts into a unified framework, dubbed SafeHaven, and apply it to two case studies, showing its efficacy both in a reactive, as well as an anticipatory role. Specifically, we describe its use in detecting and foiling a system-wide covert channel in a matter of seconds, and in implementing a multi-level moving target defence policy.

: http://publica.fraunhofer.de/dokumente/N-382704.html