Survey of randomization defenses on cloud computing
Cloud computing has changed the processing mode on resources of individuals and industries by providing computing and storage services to users. However, existing defenses on cloud, such as virtual machine monitoring and integrity detection, cannot counter against attacks result from the homogeneity...
Saved in:
Main Authors: | , , , |
---|---|
Format: | text |
Language: | Chinese |
Published: |
Institutional Knowledge at Singapore Management University
2018
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/4163 https://ink.library.smu.edu.sg/context/sis_research/article/5167/viewcontent/fjm_201861591739__1_.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | Chinese |
Summary: | Cloud computing has changed the processing mode on resources of individuals and industries by providing computing and storage services to users. However, existing defenses on cloud, such as virtual machine monitoring and integrity detection, cannot counter against attacks result from the homogeneity and vulnerability of services effectively. In this paper, we have investigated the threats on cloud computing platform from the perspective of cloud service, service interface and network interface, such as code reuse attack, side channel attack and SQL injection. Code reuse attack chains code snippets (gadgets) located in binaries to bypass Data Execution Prevention (DEP). Side channel attack can infer the internal information of an application, such as the encryption key, by analyzing the interaction between the application and the execution environment. SQL injection means the attacker uses malicious SQL statements to control a web application's database server. In order to counter these threats, various randomization approaches that can be applied to cloud service, service interface and network interface have been studied and compared, including address space layout randomization, instruction-set randomization, data randomization and system service interface randomization. We classify them into two categories according to whether they need de-randomization. Those that need de-randomization are called synergetic randomization, including instruction-set randomization, data randomization and system service interface randomization, the others are called self-contained randomization. The core idea behind them is to make the attacker cannot easily guess the accurate address of the code or data in memory. Then, a multi-layered randomization model on cloud has been proposed, which can achieve the perception of randomization approaches between different service layers and the synergy between different virtual machines. We also discussed the potential problems in the actual deployment of this model, and proposed feasible ways to solve these problems. In general, services running in the upper layer need to use resources in the lower layers, so there is a need to make the upper layer know the randomization approaches used in the lower layers. In order to make different service layers can perceive what kinds of randomization approaches are used, each service layer should have its own management unit to deliver related randomization arguments, such as the name and type of the service, the randomization approach and so on. On the other hand, the same application can be randomized with different options and deployed to different virtual machines. However, it makes software patch difficult as applications in the cloud are keeping running, we cannot simply re-randomize the patched application and deploy it. Therefore, we propose an online patching approach to solve this problem. Moreover, cloud computing also has the vulnerability of buffer overflow, format string and integer overflow and so on. We propose a distributed fault diagnosis approach to capture the context of faults, such as the value of PC, registers and the call stack frame, which can be used to extract the Shellcode and the conditions that trigger the vulnerability. Finally, the security measurement and limitations of this randomization model have been analyzed, and the future research directions have been pointed out. |
---|