Journal: IEEE Transactions on Dependable and Secure Computing

The Overhead from Combating Side-Channels in Cloud Systems Using VM-Scheduling



Abstract

Recent work suggests that scheduling, with security as a consideration, can be effective in minimizing information leakage, via side-channels, that can exist when virtual machines (VMs) co-reside in clouds. We analyze the overhead that is incurred by such an approach. We first pose and answer a fundamental question: is the problem tractable? We show that the seemingly simpler sub-cases of initial placement and migration across only two equal-capacity servers are both intractable ($\mathbf{NP}$-hard). However, a decision version of the general problem to which the optimization version is related polynomially is in $\mathbf{NP}$. With these results as the basis, we make several other contributions. We revisit recent work that proposes a greedy algorithm for this problem, called Nomad. We establish that if $\mathbf{P} \neq \mathbf{NP}$, then there exist infinitely many classes of input, each with an infinite number of inputs, for which a decrease in information leakage is possible, but Nomad provides none, let alone minimize it. We establish also that a mapping to Integer Linear Programming (ILP) in prior work is deficient in that the mapping can be inefficient (exponential-time), and therefore does not accurately convey the overhead of such an approach that, unlike Nomad, actually decreases information leakage. We present our efficient reductions to ILP and boolean satisfiability in conjunctive normal form (CNF-SAT). We have implemented these approaches and conducted an empirical assessment using the same ILP solver as prior work, and a SAT solver. Our analytical and empirical results more accurately convey the overhead that is incurred by an approach that actually provides security (decrease in information leakage).
