Journal
CCS'17: PROCEEDINGS OF THE 2017 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY
Volume -, Issue -, Pages 1079-1094Publisher
ASSOC COMPUTING MACHINERY
DOI: 10.1145/3133956.3133994
Keywords
Data center; power attack; thermal side channel
Categories
Funding
- U.S. NSF [CNS-1551661, CNS-1565474, ECCS-1610471, AitF-1637598, CNS-1518941, CNS-1319820]
- Division Of Computer and Network Systems
- Direct For Computer & Info Scie & Enginr [1319820] Funding Source: National Science Foundation
Ask authors/readers for more resources
The power capacity of multi-tenant data centers is typically over-subscribed in order to increase the utilization of expensive power infrastructure. This practice can create dangerous situations and compromise data center availability if the designed power capacity is exceeded. This paper demonstrates that current safeguards are vulnerable to well-timed power attacks launched by malicious tenants (i.e., attackers). Further, we demonstrate that there is a physical side channel - a thermal side channel due to hot air recirculation that contains information about the benign tenants' runtime power usage and can enable a malicious tenant to time power attacks effectively. In particular, we design a state-augmented Kalman filter to extract this information from the side channel and guide an attacker to use its maximum power at moments that coincide with the benign tenants' high power demand, thus overloading the shared power capacity. Our experimental results show that an attacker can capture 54% of all attack opportunities, significantly compromising the data center availability. Finally, we discuss a set of possible defense strategies to safeguard the data center infrastructure against power attacks.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available