Yunjing Xu scite author profile

Recent exploration into the unique security challenges of cloud computing have shown that when virtual machines belonging to different customers share the same physical machine, new forms of cross-VM covert channel communication arise. In this paper, we explore one of these threats, L2 cache covert channels, and demonstrate the limits of these this threat by providing a quantification of the channel bit rates and an assessment of its ability to do harm. Through progressively refining models of cross-VM covert channels from the derived maximums, to implementable channels in the lab, and finally in Amazon EC2 itself we show how a variety of factors impact our ability to create effective channels. While we demonstrate a covert channel with considerably higher bit rate than previously reported, we assess that even at such improved rates, the harm of data exfiltration from these channels is still limited to the sharing of small, if important, secrets such as private keys.

show abstract

A Survey of Botnet Technology and Defenses

Bailey

Cooke

Jahanian

et al. 2009

164

View full text Add to dashboard Cite

The thermal-mechanical behavior of WTaMoNb high-entropy alloy via selective laser melting (SLM): experiment and simulation

Zhang

et al. 2018

Int J Adv Manuf Technol

View full text Add to dashboard Cite

CANVuS: Context-Aware Network Vulnerability Scanning

Bailey

Weele

et al. 2010

View full text Add to dashboard Cite

Workload-Aware Provisioning in Public Clouds

Musgrave

Noble

et al. 2014

IEEE Internet Comput.

View full text Add to dashboard Cite

Public cloud services rely on virtualization to support multitenancy-customers from different organizations are allowed to share the data center infrastructure. Unfortunately, today's public clouds fail to provide sufficient isolation. Hardware resources are often multiplexed between virtual machines that belong to different customers, and they can cause performance interference to each other. This article characterizes the interference on an important metric, the network latency between virtual machines, and shows that Amazon's EC2 cloud, a leading public cloud provider, suffers from a long tail latency problem. The root cause of this problem is co-scheduling of CPU-bound and latency-sensitive tasks. We leverage these observations in Bobtail, a system that allows cloud customers to proactively detect and avoid these bad neighboring virtual machines without any help from cloud service providers.

show abstract

Small is better

Bailey

Noble

et al. 2013

View full text Add to dashboard Cite

Public clouds have become a popular platform for building Internet-scale applications. Using virtualization, public cloud services grant customers full control of guest operating systems and applications, while service providers still retain the management of their host infrastructure. Because applications built with public clouds are often highly sensitive to response time, infrastructure builders strive to reduce the latency of their data center's internal network. However, most existing solutions require modification to the software stack controlled by guests. We introduce a new host-centric solution for improving latency in virtualized cloud environments. In this approach, we extend a classic scheduling principle-Shortest Remaining Time First-from the virtualization layer, through the host network stack, to the network switches. Experimental and simulation results show that our solution can reduce median latency of small flows by 40%, with improvements in the tail of almost 90%, while reducing throughput of large flows by less than 3%.

show abstract

Property‐based shadow detection and removal method for licence plate image

Gao

et al. 2020

IET Image Processing

View full text Add to dashboard Cite

China, Christianity, and the Question of Culture.

Xu¹

2015

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Yunjing Xu

An exploration of L2 cache covert channels in virtualized environments

A Survey of Botnet Technology and Defenses

The thermal-mechanical behavior of WTaMoNb high-entropy alloy via selective laser melting (SLM): experiment and simulation

CANVuS: Context-Aware Network Vulnerability Scanning

Workload-Aware Provisioning in Public Clouds

Small is better

Property‐based shadow detection and removal method for licence plate image

China, Christianity, and the Question of Culture.

Contact Info

Product

Resources

About