• Home

  • Documents

  • Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes...
19
Icebergs in the Clouds: the Other Risks of Cloud Computing Bryan Ford Yale University http://dedis.cs.yale.edu/ USENIX HotCloud, June 12, 2012

Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

  • Upload
    others

  • View
    0

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

Icebergs in the Clouds:the Other Risks of Cloud Computing

Bryan FordYale University

http://dedis.cs.yale.edu/

USENIX HotCloud, June 12, 2012

http://dedis.cs.yale.edu/
Page 2: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

Well-Known, “Immediate” Risks

● Traditional Information Security– Security of data

– Integrity of data, computation

– Personal privacy

– Malware defense

– Availability, reliability

– …

● Important, plenty more to be done, butnot what this talk is about

Page 3: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

What risks might appear thatwe're not looking at yet/enough?

Several potential risks...

1. Side-Channels

Acme Data, Inc.Crypto (AES, RSA, ...)

VMM Protection

EviltronPassive Attacker

CloudHost

key-dependent usage patterns

watch memoryaccess timing

Page 4: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

Timing Channels

The cloud exacerbates timing channel risks:

1.Routine co-residency

2.Massive parallelism

3.No intrusion alarms → hard to monitor/detect

4.Partitioning defenses defeat elasticity

“Determinating Timing Channels in Compute Clouds” [CCSW '10]

Page 5: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

Provider A (application provider)

Provider B (infrastructure provider)

VirtualServer 1

VirtualServer 2

What risks might appear thatwe're not looking at yet/enough?

Several potential risks...

1. Side-Channels

2. Reactive Stability

Loadbalancer

Poweroptimizer

feedback loop

Page 6: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

Seen this before?

BGP “dispute wheel”● uncoordinated

policies can loop

In the Cloud:● providers want

max usage, profit→ oversubscribe

● handle overloads→ swap with peers?

Cloud dispute wheels?

Credit default swaps?

Speculation, bubbles?

low

low

low

high

high

highD

A

BC

Page 7: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

Weather Forecast

● Cloudy with a chance of– Wild instabilities

– Occasional collapses

● Accidents already happen– Mogul, “Emergent (mis)behavior…” [EuroSys'06]

● But cloud computing makes this risk systemic– Control theory might help given information

– But incentives to keep algorithms secret→ no one can analyze across providers!

Page 8: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

What risks might appear thatwe're not looking at yet/enough?

Several potential risks...

1. Side-Channels

2. Reactive Stability

3. Cross-Layer Robustness

Network Provider D 99.9%

Cloud Storage Provider B Cloud Storage Provider C 99.9%99.9%

Cloud Application Provider A 99.999%

Page 9: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

Correlated Failures Already Happen

● Baltimore Howard Street Tunnel Fire of 2001– Cut a bundle of fibre optic cables serving

several major ISPs simultaneously

– Risk wasn't apparent until train blew up

Page 10: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

What risks might appear thatwe're not looking at yet/enough?

Several potential risks...

1. Side-Channels

2. Reactive Stability

3. Cross-Layer Robustness

4. The Always-Connected Assumption

Page 11: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

Ender's Game: the “Hive Mind”

USTHEMUS Mother Nature

Page 12: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

A Disaster-Readiness Disaster

● The cloud model assumes “always-connected”– But in any disaster, connectedness is first to go

● Can't lookup “CPR instructions” on Wikipedia● Can't find road out of town with Maps app● Siri may be optional now, but for how long?

– Can't launch “flashlight app” or “compass app”

● What happens to search/rescue droneswithout their ground-based logic, operators?

Page 13: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

What risks might appear thatwe're not looking at yet/enough?

Several potential risks...

1. Side-Channels

2. Reactive Stability

3. Cross-Layer Robustness

4.The Always-Connected Assumption

5. Are We the Bad Guys?

Page 14: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

In 1000 years...

Someone will still have a copy of:

Page 15: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

In 1000 years...

Will anyone still have a usable “copy” of:

Page 16: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

Non-Preservability of the Cloud

Conventional artifacts have adecentralized preservability property● Book/music/video producers must make

“complete copies” available to customers● Customers can work together to preserve

Cloud-based artifacts destroy this property● No one but the app/service provider ever has

code & data necessary to preserve history

Page 17: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

A Darker Digital Dark Age?

Many culturally important artifacts are and will increasingly be cloud-based apps & services

– But only the provider can preserve them,and usually have few/no incentives to

– Does the Library of Congress, or anyone, haveGoogle 1.0? Facebook 1.0? WoW 1.0?

– What about the blogs, tweets, or email records of the next Homer/Newton/Marx/Einstein?

Will cloud artifacts be the next “hole” in history?

Page 18: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

What risks might appear thatwe're not looking at yet/enough?

At least five potential risks...

1. Side-Channels

2. Reactive Stability

3. Cross-Layer Robustness

4.The Always-Connected Assumption

5.Non-Preservability of the Cloud

...and no doubt not the end of the list!

Page 19: Icebergs in the Clouds - Yale UniversityA Disaster-Readiness Disaster The cloud model assumes “always-connected” – But in any disaster, connectedness is first to go Can't lookup

Conclusion

What are the risks beyond information security?

What could happen if we don't address them?

What research should we do to address them?

Bryan Ford – Yale DeDiS group

http://dedis.cs.yale.edu

http://dedis.cs.yale.edu/

Beyond Icebergs: Toward A Theory of Biased Globalization ...kmatsu/Icebergs-Seminar.pdf · “Beyond Icebergs: Toward a Theory of Biased Globalization ... Exception; the Iceberg Approach,

Beyond Icebergs: Toward A Theory of Biased Globalization ...kmatsu/Icebergs-Seminar.pdf · “Beyond Icebergs: Toward a Theory of Biased Globalization ... Exception; the Iceberg Approach,

Documents
Icebergs PPP

Icebergs PPP

Documents
Beyond Icebergs - Northwestern Universitykmatsu/Icebergs... · 2005. 12. 27. · Beyond Icebergs By Kiminori Matsuyama1 Latest version: December 2005 Abstract We explore a flexible

Beyond Icebergs - Northwestern Universitykmatsu/Icebergs... · 2005. 12. 27. · Beyond Icebergs By Kiminori Matsuyama1 Latest version: December 2005 Abstract We explore a flexible

Documents
Danger – Icebergs! Tammy P. Markland. icebergs a large floating mass of ice, detached from a glacier and carried out to sea

Danger – Icebergs! Tammy P. Markland. icebergs a large floating mass of ice, detached from a glacier and carried out to sea

Documents
ANTARCTIC’S SIREN CALL: THE SOUND OF ICEBERGS · 2014. 8. 14. · ICEBERGS C19A AND B15A From late 2007 to early 2008, two large tabular icebergs, C19a (~4,500 km2 on 338, 2007)

ANTARCTIC’S SIREN CALL: THE SOUND OF ICEBERGS · 2014. 8. 14. · ICEBERGS C19A AND B15A From late 2007 to early 2008, two large tabular icebergs, C19a (~4,500 km2 on 338, 2007)

Documents
BONDI ICEBERGS CLUB LTD€¦ · PRESIDENT’S REPORT FINANCIAL REPORT 2019 2 BONDI ICEBERGS CLUB Happy 90th Anniversary Icebergs - what a year it has been! The Bondi Icebergs Club

BONDI ICEBERGS CLUB LTD€¦ · PRESIDENT’S REPORT FINANCIAL REPORT 2019 2 BONDI ICEBERGS CLUB Happy 90th Anniversary Icebergs - what a year it has been! The Bondi Icebergs Club

Documents
Incredible Icebergs

Incredible Icebergs

Documents
Stripes On Icebergs

Stripes On Icebergs

Documents
On The Tip of the Icebergs:

On The Tip of the Icebergs:

Documents
ICEBERGS IN THE NORTH ATLANTIC: MODELLING CIRCULATION ... · ICEBERGS IN THE NORTH ATLANTIC: MODELLING CIRCULATION CHANGES AND GLACIO-MARINE DEPOSITION Christian Sch¨afer-Neth

ICEBERGS IN THE NORTH ATLANTIC: MODELLING CIRCULATION ... · ICEBERGS IN THE NORTH ATLANTIC: MODELLING CIRCULATION CHANGES AND GLACIO-MARINE DEPOSITION Christian Sch¨afer-Neth

Documents
About icebergs, snakes and the Cutty Sarg

About icebergs, snakes and the Cutty Sarg

Education
Drifting Icebergs: Perceptions and Reality in Trading Costs

Drifting Icebergs: Perceptions and Reality in Trading Costs

Documents
Icebergs Project - Scene-A-RamaPaint icebergs with craft paints. Mix Snow Base and Snowflakes in a disposable cup. Dab snow mixture on top of icebergs. Using Plastic Cup and Sifter

Icebergs Project - Scene-A-RamaPaint icebergs with craft paints. Mix Snow Base and Snowflakes in a disposable cup. Dab snow mixture on top of icebergs. Using Plastic Cup and Sifter

Documents
Icebergs versus Tariffs: A Quantitative Perspective on the

Icebergs versus Tariffs: A Quantitative Perspective on the

Documents
ICEBERGS: THEIR PHYSICAL DIMENSIONS AND THE …€¦ · Physical dimensions The waterl,ne length (defined as the longest horizontal dimension at the water plane) of icebergs in Labrador

ICEBERGS: THEIR PHYSICAL DIMENSIONS AND THE …€¦ · Physical dimensions The waterl,ne length (defined as the longest horizontal dimension at the water plane) of icebergs in Labrador

Documents
MOEBIUS - Little Nemo -03- La Route Des Icebergs

MOEBIUS - Little Nemo -03- La Route Des Icebergs

Documents
3.6 Using Icebergs3.6 Using Icebergs Site preparation includes installing icebergs where they are appropriate. Icebergs are large natural objects found at your project site, such as

3.6 Using Icebergs3.6 Using Icebergs Site preparation includes installing icebergs where they are appropriate. Icebergs are large natural objects found at your project site, such as

Documents
Cultural Icebergs

Cultural Icebergs

Business
Amazing striped icebergs Icebergs in the Antarctic area sometimes have stripes, formed by layers of snow that react to different conditions. Blue stripes

Amazing striped icebergs Icebergs in the Antarctic area sometimes have stripes, formed by layers of snow that react to different conditions. Blue stripes

Documents
Icebergs for Kuwait

Icebergs for Kuwait

Documents
Icebergs and Angel Investing

Icebergs and Angel Investing

Economy & Finance
Research on Icebergs

Research on Icebergs

Documents
EXPLORING THE ICEBERGS OF ADULT LEARNING: FINDINGS OF …

EXPLORING THE ICEBERGS OF ADULT LEARNING: FINDINGS OF …

Documents
Amazing Striped Icebergs & Other Interesting Formations

Amazing Striped Icebergs & Other Interesting Formations

Documents
Icebergs in the desert

Icebergs in the desert

Business
Young-Jin Kim Young-Jin Kim Earth’s Largest Icebergs Meeting OSU, Byrd Polar May 8 th, 2005 Observing the dynamic drift of giant tabular icebergs

Young-Jin Kim Young-Jin Kim Earth’s Largest Icebergs Meeting OSU, Byrd Polar May 8 th, 2005 Observing the dynamic drift of giant tabular icebergs

Documents
Of icebergs and whales (ylt sig)

Of icebergs and whales (ylt sig)

Education
About icebergs, snakes and the Cutty Sark

About icebergs, snakes and the Cutty Sark

Education
University of Surrey, 5-6 Dec 2002 - TeSA · 2014. 7. 17. · ICEBERGS ICEBERGS: IP ConferEncing with Broadband multimedia ovER Geostationary Satellites The target of ICEBERGS is

University of Surrey, 5-6 Dec 2002 - TeSA · 2014. 7. 17. · ICEBERGS ICEBERGS: IP ConferEncing with Broadband multimedia ovER Geostationary Satellites The target of ICEBERGS is

Documents
Icebergs and Worldviews

Icebergs and Worldviews

Documents