Traditionally, scheduling policies used in event schedulers have been designed to optimize performance based metrics such as throughput and delay while maintaining some notion of fairness. In multi-tenancy cloud environments, it is important to ensure privacy of the users because a scheduler creates a timing based side channel through which malicious users can learn about the service usage pattern of the others. In this chapter, we demonstrate the existence of a timing side channel in shared schedulers and discuss the design of secure scheduling policies. When a processor is shared by multiple users, the delays experienced by jobs from one user are a function of the arrival pattern of jobs from other users, and the scheduling policy of the server. Consequently, a scheduling system creates a timing side channel in which information about arrival pattern from one user is inadvertently leaked to another. In this work, this information leakage is studied for a two user scheduling system. We first introduce a measure of privacy and then demonstrate that no scheduler can provide maximum privacy without idling/taking vacations, and consequently no policy can simultaneously be delay and privacy optimal.
|Original language||English (US)|
|Title of host publication||High Performance Cloud Auditing and Applications|
|Number of pages||22|
|ISBN (Print)||1461432952, 9781461432951|
|State||Published - Nov 1 2014|
ASJC Scopus subject areas
- Computer Science(all)