Abstract
Resources provisioning on the cloud is problematic due to heterogeneous resources and diverse applications. The complexity of such tasks can be reduced with the aid of Machine Learning. Researchers have found, however, that machine learning poses new threats such as adversarial attacks. Based on our investigation, we found that adversarial ML can target resource provisioning systems (RPS) to perform distributed attacks. Our work proposes a fake trace generator (FTG), which can be wrapped around an adversary kernel to avoid detection by the RPS and to enable the adversary to get co-located with the victim’s virtual machine.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bazm, M.-M., Lacoste, M., Südholt, M., Menaud, J.-M.: Isolation in cloud computing infrastructures: new security challenges. Ann. Telecommun., 197–209 (2019). https://doi.org/10.1007/s12243-019-00703-z
Chiappetta, M., Savas, E., Yilmaz, C.: Real time detection of cache-based side-channel attacks using hardware performance counters. Appl. Soft Comput. 49, 1162–1174 (2016)
Delimitrou, C., Kozyrakis, C.: Quasar: resource-efficient and QoS-aware cluster management. In: ACM SIGARCH Computer Architecture News, vol. 42, pp. 127–144. ACM (2014)
Dinakarrao, S.M.P., et al.: Adversarial attack on microarchitectural events based malware detectors. In: DAC (2019)
Goodfellow, I.J., et al.: Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)
Gupta, S., Kumar, P.: VM profile based optimized network attack pattern detection scheme for DDOS attacks in cloud. In: Thampi, S.M., Atrey, P.K., Fan, C.-I., Perez, G.M. (eds.) SSCC 2013. CCIS, vol. 377, pp. 255–261. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40576-1_25
İnci, M.S., Gulmezoglu, B., Eisenbarth, T., Sunar, B.: Co-location detection on the cloud. In: Standaert, F.-X., Oswald, E. (eds.) COSADE 2016. LNCS, vol. 9689, pp. 19–34. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-43283-0_2
Khasawneh, K.N., et al.: RHMD: evasion-resilient hardware malware detectors. In: MICRO (2017)
Liu, F., Ren, L., Bai, H.: Mitigating cross-VM side channel attack on multiple tenants cloud platform. JCP 9(4), 1005–1013 (2014)
Makrani, H.M., et al.: Adaptive performance modeling of data-intensive workloads for resource provisioning in virtualized environment. ACM Trans. Model. Perform. Eval. Comput. Syst. (TOMPECS) 5(4), 1–24 (2021)
Makrani, H.M., Sayadi, H., Motwani, D., Wang, H., Rafatirad, S., Homayoun, H.: Energy-aware and machine learning-based resource provisioning of in-memory analytics on cloud. In: Proceedings of the ACM Symposium on Cloud Computing, pp. 517–517 (2018)
Makrani, H.M., et al.: Cloak & co-locate: adversarial railroading of resource sharing-based attacks on the cloud. In: 2021 IEEE International Symposium on Secure and Private Execution Environment Design (SEED). IEEE (2021)
Mucci, P.J., Browne, S., Deane, C., Ho, G.: PAPI: a portable interface to hardware performance counters. In: Proceedings of the Department of Defense HPCMP Users Group Conference, vol. 710 (1999)
Payer, M.: HexPADS: a platform to detect “Stealth’’ attacks. In: Caballero, J., Bodden, E., Athanasopoulos, E. (eds.) ESSoS 2016. LNCS, vol. 9639, pp. 138–154. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30806-7_9
Sayadi, H., et al.: Towards accurate run-time hardware-assisted stealthy malware detection: a lightweight, yet effective time series CNN-based approach. Cryptography 5(4), 28 (2021)
Sayadi, H., et al.: Recent advancements in microarchitectural security: review of machine learning countermeasures. In: 2020 IEEE 63rd International Midwest Symposium on Circuits and Systems (MWSCAS), pp. 949–952. IEEE (2020)
Varadarajan, V., Kooburat, T., Farley, B., Ristenpart, T., Swift, M.M.: Resource-freeing attacks: improve your cloud performance (at your neighbor’s expense). In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 281–292. ACM (2012)
Wang, H., Sayadi, H., Sasan, A., Rafatirad, S., Mohsenin, T., Homayoun, H.: Comprehensive evaluation of machine learning countermeasures for detecting microarchitectural side-channel attacks. In: Proceedings of the 2020 on Great Lakes Symposium on VLSI, pp. 181–186 (2020)
Xu, Z., Wang, H., Wu, Z.: A measurement study on co-residence threat inside the cloud. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 929–944 (2015)
Yadwadkar, N., et al.: Selecting the best VM across multiple public clouds: a data-driven performance modeling approach. In: ACM SoCC (2017)
Zhang, W., et al.: A comprehensive study of co-residence threat in multi-tenant public PaaS clouds. In: Lam, K.-Y., Chi, C.-H., Qing, S. (eds.) ICICS 2016. LNCS, vol. 9977, pp. 361–375. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-50011-9_28
Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 305–316. ACM (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Makrani, H.M., Sayadi, H., Nazari, N., Homayoun, H. (2022). Security Threats in Cloud Rooted from Machine Learning-Based Resource Provisioning Systems. In: Chang, SY., Bathen, L., Di Troia, F., Austin, T.H., Nelson, A.J. (eds) Silicon Valley Cybersecurity Conference. SVCC 2021. Communications in Computer and Information Science, vol 1536. Springer, Cham. https://doi.org/10.1007/978-3-030-96057-5_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-96057-5_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-96056-8
Online ISBN: 978-3-030-96057-5
eBook Packages: Computer ScienceComputer Science (R0)