Dynamic Process Isolation

Kogler, A. (Speaker)
Pietro Borrello (Speaker)
Martin Schwarzl (Speaker)

Institute of Applied Information Processing and Communications (7050)

Activity: Talk or presentation › Talk at conference or symposium › Science to public

Description

Cloud computing enables flexible, scalable and high-performant solutions for services in the cloud. However, sharing hardware resources between customers introduces the risk of potential vulnerabilities in both soft- and hardware. To ensure high-performance customer requirements, cloud providers offer solutions that use in-process isolation instead of strict process isolation.
Indeed, language-level isolation is used to isolate tenants on the architectural side, i.e. in the form of sandboxed V8 JavaScript isolates. While this approach enables security guarantees on the architectural side, single-process designs are susceptible to microarchitectural attacks such as Spectre attacks.

In this talk, we will present a remote Spectre attack that leaks secrets of other customers in the cloud on an edge-computing solution offering in-process language level isolation, and a defense against that attack, developed in collaboration with Cloudflare. Cloudflare Workers is one of the leading edge-computing solutions that handle millions of HTTP requests per second of tens of thousands of websites worldwide. Cloudflare Workers tries to mitigate Spectre attacks by relying on a modified V8 JavaScript sandbox that disables all known timers as well as primitives that can be abused to build timers. Using a remote timer and amplification techniques in the V8 engine, we will demonstrate a leak of 2 bit/minute in such a restricted environment. Based on the attack, we motivate our main contribution, Dynamic Process Isolation.

This solution uses hardware-performance counters to monitor script isolation and isolate suspicious workloads into separate processes. With Dynamic Process Isolation, we will show a middle ground between the two extremes of full process isolation and language-level isolation. Our real-world analysis shows that Dynamic Process Isolation is a lightweight solution, with a false-positive rate of only 0.61%, while achieving similar security guarantees as strict process isolation. Dynamic Process Isolation solution has been integrated into the production environment of Cloudflare Workers.

In addition, we will compare our approach to existing solutions and outline future research challenges.

Period	13 May 2022
Event title	Black Hat Asia 2022
Event type	Conference
Location	Singapore, SingaporeShow on map
Degree of Recognition	International

Documents & Links

https://www.youtube.com/watch?v=u1zqh-DEdVs