We present a software approach to mitigate access-driven side-channel attacks that leverage last-level caches (LLCs) shared across cores to leak information between security domains (e.g., tenants in a cloud). Our approach dynamically manages physical memory pages shared between security domains to disable sharing of LLC lines, thus preventing "FLUSH-RELOAD" side channels via LLCs. It also manages cacheability of memory pages to thwart cross-tenant "PRIME-PROBE" attacks in LLCs. We have implemented our approach as a memory management subsystem called CACHEBAR within the Linux kernel to intervene on such side channels across container boundaries, as containers are a common method for enforcing tenant isolation in Platform-as-a-Service (PaaS) clouds. Through formal verification, principled analysis, and empirical evaluation, we show that CACHEBAR achieves strong security with small performance overheads for PaaS workloads.
Noninterference is a definition of security for secret values provided to a procedure, which informally is met when attacker-observable outputs are insensitive to the value of the secret inputs or, in other words, the secret inputs do not "interfere" with those outputs. This paper describes a static analysis method to measure interference in software. In this approach, interference is assessed using the extent to which different secret inputs are consistent with different attacker-controlled inputs and attacker-observable outputs, which can be measured using a technique called model counting. Leveraging this insight, we develop a flexible interference assessment technique for which the assessment accuracy quantifiably grows with the computational effort invested in the analysis. This paper demonstrates the effectiveness of this technique through application to several case studies, including leakage of: search-engine queries through auto-complete response sizes; secrets subjected to compression together with attacker-controlled inputs; and TCP sequence numbers from shared counters.
Peer-To-Peer (P2P) file-sharing protocols have been widely used for distributing massive data over the Internet. To satisfy the requirement of P2P platforms, like BitTorrent, edge devices have to be powered on continuously to either download files or assist other peers to download files, which could lead to the wasted energy, especially for those time-insensitive files such as online games or high-definition movies. Energy problem is not only related to energy consumption, but also to economic problems in the smart grid area for P2P. In this work, we present a framework combining the Time-Of-Use (TOU) pricing model and P2P protocols in smart grid area. Peers adjust their energy consumption per unit time based on the TOU pricing model automatically, by switching between a dormant state and an active state in accordance with a time schedule sequence. Our simulation results show that our protocol is both economically efficient and energy efficient for transferring files of various sizes on different systems such as Personal Computers (PCs) and mobile devices.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.