This project is based on the paper "Determinating Timing Channels in Compute Clouds" by Amittai Aviram, Sen Hu, and Bryan Ford of Yale University, and Ramakrishna Gummadi of the University of Massachusetts Amherst. The paper outlines a method of protecting against timing channel attacks in the cloud by using provider-enforced deterministic execution. I have implemented this defense using the research kernel Determinator, developed by the DEDIS group at Yale.
The basic idea of provider-enforced determinism is that you may trust the service provider (e.g. Amazon), but you don’t necessarily trust fellow customers. Running on the same hardware as an adversary leaves you open to timing channel attacks. For example: Alice runs a cloud compute service where you can buy space and compute power on one of her machines. Bob opens an account with Alice’s service in order to process some private financial data for his company, ACME. Eve also gets an account with Alice’s service, and happens to get placed on the same machine as Bob. Bob, who is none the wiser, starts the very computationally intensive process of crunching his company’s numbers. Eve, who wishes to discover information about ACME’s finances, monitors the cache and CPU behavior of the machine that she and Bob share, and is able to glean some meaningful information from the results.
The solution to this problem that I have implemented is as follows: cloud service providers such as Alice provide gateways, to which users submit job requests and all the necessary inputs for that job. The gateway sends the job off to be processed, and returns the results to the user. The result, however, is solely a function of the input. This means that Eve cannot possibly learn anything about Bob’s job, because she must submit explicit inputs, and her result will depend only on those inputs, and not on any timing information from Bob.
For this project, the gateway is an Apache server running on an Ubuntu box, which communicates with the Determinator kernel via Ethernet. The job is a Mandelbrot set viewer, which allows the user to pan and zoom into the Mandelbrot set. All computations are run on the Determinator kernel, which sends the results (via Ethernet) back to the gateway to be displayed to the user.
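The "result is solely a function of the input" property can be illustrated with an added Python example, which is not the project's code and does not reproduce Determinator's kernel-level enforcement. It models a gateway that accepts only declared inputs for a Mandelbrot tile job and replays the job to compare output digests; the names `render_tile`, `leaky_tile`, `gateway_run` and the request fields are assumptions made for illustration.

```python
import hashlib
import time

# Hypothetical job schema: the only inputs a request may carry.
ALLOWED = {"cx", "cy", "zoom", "width", "height", "max_iter"}
# Constructed sample request (one view of the set).
SAMPLE = {"cx": -0.5, "cy": 0.0, "zoom": 1.0,
          "width": 32, "height": 24, "max_iter": 50}

def render_tile(cx, cy, zoom, width, height, max_iter):
    """Escape-time Mandelbrot tile; reads nothing but its arguments."""
    scale = 3.0 / (zoom * width)          # complex-plane units per pixel
    out = bytearray()
    for py in range(height):
        y0 = cy + (py - height / 2) * scale
        for px in range(width):
            x0 = cx + (px - width / 2) * scale
            x = y = 0.0
            n = 0
            while n < max_iter and x * x + y * y <= 4.0:
                x, y = x * x - y * y + x0, 2 * x * y + y0
                n += 1
            out.append(min(n, 255))       # one byte per pixel
    return bytes(out)

def leaky_tile(**request):
    """Counter-example: the clock is an implicit input, so output varies."""
    return render_tile(**request) + time.perf_counter_ns().to_bytes(8, "big")

def gateway_run(job, request, replays=2):
    """Accept only declared inputs, then replay the job and compare digests
    to confirm the result depends on the request alone."""
    if set(request) != ALLOWED:
        raise ValueError("request must carry exactly the declared inputs")
    digests = {hashlib.sha256(job(**request)).hexdigest()
               for _ in range(replays)}
    if len(digests) != 1:
        raise RuntimeError("output varied across replays: job is not deterministic")
    return digests.pop()

if __name__ == "__main__":
    print("deterministic:", gateway_run(render_tile, SAMPLE))
    try:
        gateway_run(leaky_tile, SAMPLE)
    except RuntimeError as err:
        print("rejected:", err)
```

A replay check only catches nondeterminism that shows up in the sampled runs, which is why the project relies on the Determinator kernel to enforce determinism rather than on testing for it.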