Description

Cloud computing enables flexible, scalable and high-performance solutions for services in the cloud. However, sharing hardware resources between customers introduces the risk of potential vulnerabilities in both soft- and hardware. To meet customers' high-performance requirements, cloud providers offer solutions that use in-process isolation instead of strict process isolation.
This solution uses hardware-performance counters to monitor script isolation and isolate suspicious workloads into separate processes. With Dynamic Process Isolation, we will show a middle ground between the two extremes of full process isolation and language-level isolation. Our real-world analysis shows that Dynamic Process Isolation is a lightweight solution, with a false-positive rate of only 0.61%, while achieving security guarantees similar to those of strict process isolation. The Dynamic Process Isolation solution has been integrated into the production environment of Cloudflare Workers.
In addition, we will compare our approach to existing solutions and outline future research challenges.
|Period||13 May 2022|
|Event title||Black Hat Asia 2022|
|Location||Singapore, Singapore|
|Degree of Recognition||International|