Abstract
Traditionally, scheduling policies used in event schedulers have been designed to optimize performance based metrics such as throughput and delay while maintaining some notion of fairness. In multi-tenancy cloud environments, it is important to ensure privacy of the users because a scheduler creates a timing based side channel through which malicious users can learn about the service usage pattern of the others. In this chapter, we demonstrate the existence of a timing side channel in shared schedulers and discuss the design of secure scheduling policies. When a processor is shared by multiple users, the delays experienced by jobs from one user are a function of the arrival pattern of jobs from other users, and the scheduling policy of the server. Consequently, a scheduling system creates a timing side channel in which information about arrival pattern from one user is inadvertently leaked to another. In this work, this information leakage is studied for a two user scheduling system. We first introduce a measure of privacy and then demonstrate that no scheduler can provide maximum privacy without idling/taking vacations, and consequently no policy can simultaneously be delay and privacy optimal.
| Original language | English (US) |
|---|---|
| Title of host publication | High Performance Cloud Auditing and Applications |
| Publisher | Springer |
| Pages | 147-168 |
| Number of pages | 22 |
| Volume | 9781461432968 |
| ISBN (Electronic) | 9781461432968 |
| ISBN (Print) | 1461432952, 9781461432951 |
| DOIs | |
| State | Published - Nov 1 2014 |
ASJC Scopus subject areas
- General Computer Science