Eliminating Fine Grained Timers in Xen (Short Paper)

By Bhanu C. Vattikonda, Sambit Das, and Hovav Shacham.

In Proceedings of CCSW 2011. ACM Press, Oct. 2011.


The move to infrastructure-as-a-service cloud computing brings with it a new risk: cross-virtual machine side channels through shared physical resources such as the L2 cache. One approach to this risk is to rewrite sensitive code to eliminate the signal. In this paper we consider another approach: weakening malicious virtual machines' ability to receive the signal by eliminating fine-grained timers. Such “fuzzy time” was implemented in 1991 in the VAX security kernel, but it was not clear that it was applicable to modern virtual machine managers such as Xen on platforms such as the x86, which exports a cycle counter through the RDTSC instruction.

In this paper, we demonstrate that it is possible to modify the RDTSC instruction on Xen-virtualized x86 machines, making the timer provided by this instruction substantially more coarse. We perform a thorough evaluation of the impact of modifying this timer on the usability of the system, and we evaluate the limiting point of the coarseness of the timer.

Our findings open the way to a specific research program for mitigating cloud computing side channels through fuzzy time: (1) What other sources of fine-grained time are available to a malicious VM, and is it possible to degrade them? (2) What distribution of noise should be introduced to RDTSC and other timing signals to maximize the effect on malicious VMs while minimizing the effect on legitimate ones? (3) What timing resolution is actually needed to make use of L2 cache side channels?



@InProceedings{VDS11, author = {Bhanu C. Vattikonda and Sambit Das and Hovav Shacham}, title = {Eliminating Fine Grained Timers in {Xen} (Short Paper)}, booktitle = {Proceedings of CCSW 2011}, year = 2011, editor = {Tom Ristenpart and Christian Cachin}, month = oct, publisher = {ACM Press} }

Navigation: Hovav Shacham // Publications // [VDS11]