Dynamic Process Isolation

by Martin Schwarzl et al.

In the quest for efficiency and performance, edge-computing providers eliminate isolation boundaries between tenants, such as strict process isolation, and instead let tenants compute in a more lightweight multi-threaded single-process design. Edge-computing providers support a high number of tenants per machine to reduce the physical distance to customers without requiring a large number of machines. Isolation is provided by sandboxing mechanisms, e.g., tenants can only run sandboxed V8 JavaScript code. While this is as secure as a sandbox against software vulnerabilities, microarchitectural attacks can bypass these sandboxes. In this paper, we show that it is possible to mount a Spectre attack in such a restricted environment, leaking secrets from co-located tenants. Cloudflare Workers is one of the top three edge-computing solutions and handles millions of HTTP requests per second worldwide across tens of thousands of web sites every day. We demonstrate a remote Spectre attack using amplification techniques in combination with a remote timing server, which is capable of leaking 120 bit/h. This motivates our main contribution, Dynamic Process Isolation, a process isolation mechanism that only isolates suspicious worker scripts following a detection mechanism. In the worst case of only false positives, Dynamic Process Isolation simply degrades to process isolation. Our proof-of-concept implementation augments a real-world cloud infrastructure framework, Cloudflare Workers, which is used in production at large scale. With a false-positive rate of only 0.61%, Dynamic Process Isolation outperforms strict process isolation in terms of performance. In our security evaluation, we show that Dynamic Process Isolation statistically provides the same security guarantees as strict process isolation, fully mitigating Spectre attacks between multiple tenants.
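The policy sketched in the abstract (all tenants share one process until a detector flags a script, which is then moved to its own process; if the detector flags everything, the result is strict process isolation) can be made concrete with a small model. The following is an added illustration written for this page, not code from the paper or from Cloudflare Workers. The abstract does not name the detection signal, so the per-worker branch-misprediction rate used here as the trigger, the threshold values, and the telemetry trace are all assumptions constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    """One telemetry sample for one worker script (constructed for this example)."""
    worker: str
    mispredict_rate: float  # assumed detection signal: fraction of mispredicted branches


class DynamicProcessIsolation:
    """Every worker starts in one shared multi-threaded process. The first time the
    detector flags a worker, it is moved to a process of its own. Flagging is treated
    as irreversible here (a conservative assumption, not something the abstract states)."""

    def __init__(self, workers, threshold):
        self.threshold = threshold
        self.shared = set(workers)   # workers co-located in the shared process
        self.isolated = set()        # workers that each got their own process

    def observe(self, sample):
        """Feed one sample to the detector; return True if it caused an isolation."""
        w = sample.worker
        if w in self.isolated:
            return False             # already isolated, nothing more to do
        if sample.mispredict_rate >= self.threshold:
            self.shared.discard(w)
            self.isolated.add(w)
            return True
        return False

    def process_count(self):
        """Processes in use: the shared one (if non-empty) plus one per isolated worker."""
        return (1 if self.shared else 0) + len(self.isolated)

    def co_located(self, a, b):
        """True if two distinct workers still share an address space."""
        return a != b and a in self.shared and b in self.shared


def strict_process_count(workers):
    """Baseline: strict process isolation gives every worker its own process."""
    return len(set(workers))


WORKERS = [f"worker{i}" for i in range(8)]

# Constructed trace: worker3 behaves like a script training a Spectre gadget,
# worker5 is a benign script that happens to cross the threshold (a false positive).
TRACE = [
    Sample("worker0", 0.02), Sample("worker1", 0.03), Sample("worker3", 0.41),
    Sample("worker2", 0.01), Sample("worker5", 0.27), Sample("worker3", 0.39),
    Sample("worker4", 0.02), Sample("worker6", 0.04), Sample("worker7", 0.02),
]


def simulate(threshold, trace=TRACE, workers=WORKERS):
    """Run the trace through the policy; return the final placement and who got flagged."""
    dpi = DynamicProcessIsolation(workers, threshold)
    flagged = [s.worker for s in trace if dpi.observe(s)]
    return dpi, flagged


if __name__ == "__main__":
    dpi, flagged = simulate(threshold=0.25)
    print("flagged:", flagged)
    print("dynamic processes:", dpi.process_count(),
          "strict processes:", strict_process_count(WORKERS))
    # A detector that flags everything (threshold 0.0) is the all-false-positive
    # worst case: the placement collapses to strict process isolation.
    worst, _ = simulate(threshold=0.0)
    print("worst case processes:", worst.process_count())
```

With the assumed threshold the attacker-like script and the one false positive end up in their own processes and the remaining six tenants keep sharing one process, so the victim is no longer co-located with the flagged script while the machine runs three processes instead of eight. Lowering the threshold to zero flags every worker on its first sample, which reproduces the degrade-to-strict-isolation behaviour the abstract describes.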
