An exploration of L2 cache covert channels in virtualized environments

Xu, Yunjing; Bailey, Michael; Jahanian, Farnam; Joshi, Kaustubh; Hiltunen, Matti; Schlichting, Richard D.

doi:10.1145/2046660.2046670

Cited by 216 publications

(134 citation statements)

References 19 publications

(15 reference statements)

Supporting

Mentioning

133

Contrasting

Order By: Relevance

“…Ristenpart et al [5] showed that the IP machine naming conventions of cloud providers allowed adversarial users to narrow down where a victim VM resided in a large-scale cluster. Xu et al [10] and Herzberg et al [8] extended this study, resulting, in part, in cloud providers changing their naming conventions, reducing the effectiveness of network topology-based co-residency attacks. Following this evolution Varadarajan et al [9] evaluated the susceptibility of three cloud providers to VM placement attacks, and showed that techniques like virtual private clouds (VPC) render some of them ineffective.…”

Section: Related Workmentioning

confidence: 99%

Previously-Selected-Server-First based Scalable VM Placement Algorithm for Mitigating Side Channel Attacks in Cloud Computing

G¹,

Rao²,

Murthy³

2018

IJWMT

View full text Add to dashboard Cite

Pertaining to the rapid usage of cloud computing, cloud based approaches are growing as an fascinating domain for numerous malignant tasks. Security is one of the vital issues faced by the cloud computing environment while sharing resources over the internet. Consumers are facing distinct security hazards while using cloud computing platform. Previous works mainly attempted to mitigate the side channels attacks by altering the infrastructure and the internal procedures of the cloud stack. However, the deployments of these alterations are not so easy and could not resist the attacks. In this paper, the authors attempted to solve the issues by enhancing the VM Placement policies in such a way that, it is complex for the invaders to collocate their object. A secure Dynamic VM placement approach is presented for the VM allocations into different servers in the cloud. The performance comparison of the suggested methodology is shows that the proposed approach has better efficiency evaluations such as hit rate, loss rate and resource loss when compared to other V M placement policies.

show abstract

Section: Related Workmentioning

confidence: 99%

Previously-Selected-Server-First based Scalable VM Placement Algorithm for Mitigating Side Channel Attacks in Cloud Computing

G¹,

Rao²,

Murthy³

2018

IJWMT

View full text Add to dashboard Cite

show abstract

“…Shared resources, such as caches [27], CPU [28], network subsystems [29], [30], or memory management [31], [32], are not only prevalent in all modern systems, but also run the risk of being the conduit for covert channel communication.…”

Section: A Covert Channel Backgroundmentioning

confidence: 99%

Undermining Isolation Through Covert Channels in the Fiasco.OC Microkernel

Peter

Petschick

Vetter

et al. 2015

Lecture Notes in Electrical Engineering

View full text Add to dashboard Cite

Abstract-In the new age of cyberwars, system designers have come to recognize the merits of building critical systems on top of small kernels for their ability to provide strong isolation at system level. This is due to the fact that enforceable isolation is the prerequisite for any reasonable security policy. Towards this goal we examine some internals of Fiasco.OC, a microkernel of the prominent L4 family. Despite its recent success in certain highsecurity projects for governmental use, we prove that Fiasco.OC is not suited to ensure strict isolation between components meant to be separated.Unfortunately, in addition to the construction of system-wide denial of service attacks, our identified weaknesses of Fiasco.OC also allow covert channels across security perimeters with high bandwidth. We verified our results in a strong affirmative way through many practical experiments. Indeed, for all potential use cases of Fiasco.OC we implemented a full-fledged system on its respective archetypical hardware: Desktop server/workstation on AMD64 x86 CPU, Tablet on Intel Atom CPU, Smartphone on ARM Cortex A9 CPU. The measured peak channel capacities ranging from ∼13500 bits/s (Cortex-A9 device) to ∼30500 bits/s (desktop system) lay bare the feeble meaningfulness of Fiasco.OC's isolation guarantee. This proves that Fiasco.OC cannot be used as a separation kernel within high-security areas.

show abstract

“…In [34], the research focused on threats on the L2 covert channels and how these threats can be exploited or countered.…”

Section: Side-channel Attacksmentioning

confidence: 99%

Securing the Cloud: Threats, Attacks and Mitigation Techniques

Alani

2014

JACST

View full text Add to dashboard Cite

This paper is aimed to present information about the most current threats and attacks on cloud computing, as well as security measures. The paper discusses threats and attacks that are most effective on cloud computing such as data breach, data loss, service traffic hijacking..etc. The severity and effect of these attacks are discussed along with real-life examples of these attacks. The paper also suggests mitigation techniques that can be used to reduce or eliminate the risk of the threats discussed. In addition, general cloud security recommendations are given.

show abstract

An exploration of L2 cache covert channels in virtualized environments

Cited by 216 publications

References 19 publications

Previously-Selected-Server-First based Scalable VM Placement Algorithm for Mitigating Side Channel Attacks in Cloud Computing

Previously-Selected-Server-First based Scalable VM Placement Algorithm for Mitigating Side Channel Attacks in Cloud Computing

Undermining Isolation Through Covert Channels in the Fiasco.OC Microkernel

Securing the Cloud: Threats, Attacks and Mitigation Techniques

Contact Info

Product

Resources

About