Research on cache-based side-channel attacks shows the security impact of these attacks on cloud computing. Therefore, the detection of cache-based side-channel attacks has received more attention in IaaS cloud infrastructures because of improvements in the attack techniques. However, such detection requires high-resolution information, and it is also a challenging task because of the fine granularity of the attacks. In this paper, we present an approach to detect cross-VM cache-based side-channel attacks using fine-grained hardware information provided by Intel Cache Monitoring Technology (CMT) and Hardware Performance Counters (HPCs), following the Gaussian anomaly detection method. The approach shows a high detection rate with 2% performance overhead on the computing platform.
Component-Based Software Engineering (CBSE) does not yet fully address non-functional requirements of embedded systems. To reach this goal, we show how to extend a component model like FRACTAL with relevant abstractions such as threads, protection rings, or security domains. The FRACTAL Architecture Description Language (ADL) is extended by means of properties that tag components, bindings, and interfaces of the system architectural definition with execution schemes, dynamic reconfiguration strategies, protection and isolation patterns, or QoS features. Each extension captures a property-specific "system view" offering a sound basis to address some non-functional requirement. These extensions were experimented in the THINK framework, a C-based implementation of FRACTAL. Results show that THINK provides a generic and efficient approach to fully support these extensions thanks to a customizable toolchain.
Secure Supercloud computing aims to provide security and dependability management of distributed clouds. This approach is both user-centric and self-managed, enabling users to achieve provider independence for security management. The high maintenance costs of private datacenters and disaster-recovery requirements are causing cloud architectures to go distributed. Virtualization is expanding outside a single datacenter for compute, network, storage, and devices. Resource-specialized clouds are becoming federated, evolving from centralized to fully distributed infrastructures across heterogeneous resources (a cloud-of-clouds) and away from the datacenter to the edge [1,2]. These new architecture paradigms present key benefits: better user performance (for example, lower end-to-end latency) due to fine-grained geo distribution; lower costs by choosing best-of-breed cloud providers in terms of pricing model [3]; and improved resilience to avoid wide-area outages due to single points of failure.
The unpredictable fluctuations in computing resources, contexts, and user preferences that characterize pervasive environments have stressed the need for context-aware self-adaptive systems. So far, this research area mostly dealt exclusively with concerns related either to standard QoS or to security. Taking into account trade-offs between these two conflicting concerns is a key issue, since they both compete for the same resources. This paper presents a general adaptivity model that reconciles these two concerns. This model is formalized as a component composition selection process, where the best composition is found by reasoning on security and non-security properties of the system. Utility functions are used to quantify how a component composition alternative is appropriate in a given context, with respect to the user preferences.