Templates

USENIX Security

Preview

USENIX Security

USENIX Security paper using the official usenix style. Two-column, 13-page body + unlimited references. Includes the now-required Open Science and Ethics Considerations sections introduced in the USENIX Security 2024 CFP, plus standard threat model and responsible-disclosure sections.

Category

Conference

License

Free to use (MIT)

File

usenix-security/main.tex

main.texRead-only preview
\documentclass[letterpaper,twocolumn,10pt]{article}
\usepackage{usenix-2020-09}

\usepackage[T1]{fontenc}
\usepackage[utf8]{inputenc}
\usepackage{graphicx}
\usepackage{amsmath,amssymb}
\usepackage{booktabs}
\usepackage{url}
\usepackage[hidelinks]{hyperref}
\usepackage{listings}
\usepackage{xcolor}

\lstset{basicstyle=\ttfamily\footnotesize, columns=fullflexible, breaklines=true}

\begin{document}

\date{}

\title{\Large \bf Aegis: Practical Side-Channel Defense for\\
                   Mixed-Tenant Serverless Platforms}

\author{
{\rm First Last}\\
University of Example \\
{\tt [email protected]}
\and
{\rm Jane Doe}\\
Example Research Labs \\
{\tt [email protected]}
\and
{\rm John Smith}\\
University of Example \\
{\tt [email protected]}
}

\maketitle

\subsection*{Abstract}
Serverless platforms pack many tenants per host, making function
invocations short-lived and densely co-located. We show that this
co-location creates a new class of microarchitectural side channels
exploitable at function-invocation granularity. We present
three new attacks achieving up to 5.1 bits/second of leakage across
tenants. We then design Aegis, a defense combining noise injection,
scheduler hardening, and microarchitectural flushing that reduces
information leakage by at least 100$\times$, at a 4.8\% throughput
cost on realistic workloads. Aegis requires no application changes.
We responsibly disclosed our attacks to three major cloud providers;
patches based on our recommendations are deployed in production.

\section{Introduction}
Serverless computing challenges existing side-channel assumptions: very
short-lived, densely co-located functions amplify leakage while
shrinking the attack window. Established defenses (cache partitioning,
gang scheduling) were designed for long-lived VMs and do not map
cleanly to the serverless setting.

\paragraph{Contributions.}
\begin{itemize}
\item Three new side-channel attacks exploiting L3 contention,
  scheduler-slice inference, and NIC interrupt-rate oracles in
  serverless co-tenancy settings.
\item Aegis, a multi-layer defense with specific countermeasures for
  each attack class.
\item Measurements showing the attacks reduce to \textless 0.05 bits/s
  leakage under Aegis, at modest performance cost.
\item Responsible disclosure process and a summary of deployed
  production patches.
\end{itemize}

\section{Threat Model}
We assume a malicious tenant co-located with a victim on the same host.
The attacker has standard user privileges, no kernel or hypervisor
bugs, and can time operations with standard clock sources.

\section{New Side-Channel Attacks}
\subsection{L3 Cache Contention (Cold Start)}
During cold-start, the victim's working set is not yet loaded. We show
that timing warm-up delays from a concurrent attacker reveals up to
5.1 bits/s about the victim's code path.

\subsection{Scheduler-Slice Inference}
Linux's CFS rotates short-lived functions with predictable slice sizes.
We infer victim activity from our own scheduling gaps.

\subsection{NIC Interrupt-Rate Oracle}
Inbound traffic interrupt rates, observable via \texttt{procfs}, reveal
coarse-grained victim network activity.

\section{Aegis Design}
Aegis targets each attack with a dedicated countermeasure. Design goals
are minimal performance impact and no application changes.

\subsection{Cache Flushing on Context Switch}
At serverless scale, function-invocation context switches are frequent.
Aegis flushes relevant cache regions at function entry:
\begin{equation}
  T_{\text{flush}} = \mathcal{O}(\text{L3 size} / \text{bandwidth}).
\end{equation}

\subsection{Scheduler Hardening}
We introduce a serverless-aware scheduler that randomizes slice-boundary
phases per-tenant, breaking the timing regularity exploited by attack 2.

\subsection{Interrupt-Rate Noise Injection}
Aegis injects pseudo-random decoy interrupts to obscure genuine traffic
patterns, calibrated to keep tail latency within 5\% of baseline.

\section{Implementation}
Aegis modifies a Linux 6.x kernel (4{,}200 LOC) and a Firecracker VMM
fork (1{,}100 LOC). Source code is available at
\url{https://github.com/example/aegis}.

\section{Evaluation}
\begin{table}[t]
\centering
\small
\begin{tabular}{lcr}
\toprule
Attack & Baseline leakage & With Aegis \\
\midrule
L3 contention    & 5.1 bits/s & $<$0.02 \\
Sched inference  & 3.8 bits/s & $<$0.04 \\
NIC interrupt    & 4.3 bits/s & $<$0.05 \\
\bottomrule
\end{tabular}
\caption{Measured leakage rates on synthetic workloads.}
\end{table}

Throughput overhead on production-like workloads is 4.8\% at p50 and
6.3\% at p99.

\section{Related Work}
Cache side channels (Prime+Probe, Flush+Reload), Cloak, Catalyst,
scheduler-based defenses.

\section{Discussion and Limitations}
Our defenses assume trusted kernel and hypervisor; attacks exploiting
microarchitectural vulnerabilities below the OS are out of scope. We
also do not address voltage/frequency-based side channels.

\section{Conclusion}
Function-granularity side channels are practical to exploit and
practical to mitigate, if defenses are integrated at the scheduler and
microarchitecture level.

\section*{Ethics Considerations}
Our attacks were developed and validated in isolated testbeds. No
real user data was accessed. We followed responsible disclosure:
vulnerabilities were reported to three major cloud providers 90 days
before submission, and patches were deployed before public release.

\section*{Open Science}
Source code, attack scripts, and reproduction instructions are
available at \url{https://github.com/example/aegis}. We intentionally
omit ready-to-run attack binaries; instructions are provided to
reproduce the measurements from the published source.

\section*{Acknowledgments}
We thank the USENIX Security reviewers, our shepherd, and the
vulnerability response teams at the three cloud providers for their
cooperation during disclosure.

{\footnotesize \bibliographystyle{acm}
\bibliography{refs}}

\end{document}
Bibby Mascot

PDF Preview

Create an account to compile and preview

USENIX Security LaTeX Template | Free Download & Preview - Bibby