Search for: All records

Cloud computing has become crucial for the commercial world due to its computational capacity, storage capabilities, scalability, software integration, and billing convenience. Initially, clouds were relatively homogeneous, but now diverse machine configurations in heterogeneous clouds are recognized for their improved application performance and energy efficiency. This shift is driven by the integration of various hardware to accommodate diverse user applications. However, alongside these advancements, security threats like micro-architectural attacks are increasing concerns for cloud providers and users. Studies like Repttack and Cloak & Co-locate highlight the vulnerability of heterogeneous clouds to co-location attacks, where attacker and victim instances are placed together. The ease of these attacks isn’t solely linked to heterogeneity but also correlates with how heterogeneous the target systems are. Despite this, no numerical metrics exist to quantify cloud heterogeneity. This article introduces the Heterogeneity Score (HeteroScore) to evaluate server setups and instances. HeteroScore significantly correlates with co-location attack security. The article also proposes strategies to balance diversity and security. This study pioneers the quantitative analysis connecting cloud heterogeneity and infrastructure security. 

The globalization of the manufacturing process and the supply chain for electronic hardware has been driven by the need to maximize profitability while lowering risk in a technologically advanced silicon sector. However, many hardware IPs’ security features have been broken because of the rise in successful hardware attacks. Existing security efforts frequently ignore numerous dangers in favor of fixing a particular vulnerability. This inspired the development of a unique method that uses emerging spin-based devices to obfuscate circuitry to secure hardware intellectual property (IP) during fabrication and the supply chain. We propose an Optimized and Automated Secure IC (OASIC) Design Flow, a defense-in-depth approach that can minimize overhead while maximizing security. Our EDA tool flow uses a dynamic obfuscation method that employs dynamic lockboxes, which include switch boxes and magnetic random access memory (MRAM)-based look-up tables (LUT) while offering minimal overhead and being flexible and resilient against modern SAT-based attacks and power side-channel attacks. An EDA tool flow for optimized lockbox insertion is also developed to generate SAT-resilient design netlists with the least power and area overhead. PPA metrics and security (SAT attack time) are provided to the designer for each lockbox insertion run. A verification methodology is provided to verify locked and unlocked designs for functional correctness. Finally, we use ISCAS’85 benchmarks to show that the EDA tool flow provides a secure hardware netlist with maximum security while considering power and area constraints. Our results indicate that the proposed OASIC design flow can maximize security while incurring less than 15% area overhead and maintaining a similar power footprint compared to the original design. OASIC design flow demonstrates improved performance as design size increases, which demonstrates the scalability of the proposed approach. 

Cloud computing has emerged as a critical part of commercial computing infrastructure due to its computing power, data storage capabilities, scalability, software/API integration, and convenient billing features. At the early stage of cloud computing, the majority of clouds are homogeneous, i.e., most machines are identical. It has been proven that heterogeneity in the cloud, where a variety of machine configurations exist, provides higher performance and power efficiency for applications. This is because heterogeneity enables applications to run in more suitable hardware/software environments. In recent years, the adoption of heterogeneous cloud has increased with the integration of a variety of hardware into cloud systems to serve the requirements of increasingly diversified user applications. At the same time, the emergence of security threats, such as micro-architectural attacks, is becoming a more critical problem for cloud users and providers. It has been demonstrated (e.g., Repttack and Cloak & Co-locate) that the prerequisite of micro-architectural attacks, the co-location of attack and victim instances, is easier to achieve in the heterogeneous cloud. This also means that the ease of attack is not just related to the heterogeneity of the cloud but increases with the degree of heterogeneity. However, there is a lack of numerical metrics to define, quantify or compare the heterogeneity of one cloud environment with another. In this paper, we propose a novel metric called Heterogeneity Score (HeteroScore), which quantitatively evaluates the heterogeneity of a cluster. We demonstrate that HeteroScore is closely connected to security against co-location attacks. Furthermore, we propose mitigation techniques to tradeoff heterogeneity offered with security. We believe this is the first quantitative study that evaluates cloud heterogeneity and links heterogeneity to infrastructure security