Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring

Shi, Jicheng; Song, Xiang; Chen, Haibo; Zang, Binyu

doi:10.1109/dsnw.2011.5958812

Cited by 119 publications

(56 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One way to encounter this kind of threat is to fundamentally eliminate the side channels between VMs, which is the approach taken by most previous work [9][10][11][12][13][14]. However, the proposed methods require substantial changes to be made to existing commercial platforms, and hence are impractical and not suitable for immediate deployment.…”

Section: Introductionmentioning

confidence: 93%

Virtual machine allocation policies against co-resident attacks in cloud computing

Han

Chan

Alpcan

2014

2014 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

While the services-based model of cloud computing makes more and more IT resources available to a wider range of customers, the massive amount of data in cloud platforms is becoming a target for malicious users. Previous studies show that attackers can co-locate their virtual machines (VMs) with target VMs on the same server, and obtain sensitive information from the victims using side channels. This paper investigates VM allocation policies and practical countermeasures against this novel kind of co-resident attack by developing a set of security metrics and a quantitative model. A security analysis of three VM allocation policies commonly used in existing cloud computing platforms reveals that the server's configuration, oversubscription and background traffic have a large impact on the ability to prevent attackers from co-locating with the targets. If the servers are properly configured, and oversubscription is enabled, the best policy is to allocate new VMs to the server with the most VMs. Based on these results, a new strategy is introduced that effectively decreases the probability of attackers achieving co-residence. The proposed solution only requires minor changes to current allocation policies, and hence can be easily integrated into existing cloud platforms to mitigate the threat of co-resident attacks.

show abstract

Section: Introductionmentioning

confidence: 93%

Virtual machine allocation policies against co-resident attacks in cloud computing

Han

Chan

Alpcan

2014

2014 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

show abstract

“…Later, more and more attack and defense work are conducted by researchers in this aspect. Besides the existed hardware based methods [24,25,26] to defend the CPU cache based timing channel, researchers proposed some novel approaches [11,13,12] to address the issue in the cloud environment; In the contrary, Xu et al [27] proposed the enhanced L2 Cache Covert Channels attacks that can improve the channel bit rate, they also show the limitation of CPU cache based timing channel. Independent but at the same time, Wu et al [3] proposed a practical covert channel method by exploiting the memory bus.…”

Section: Related Workmentioning

confidence: 98%

“…For example, malicious tenants can explore the CPU cache based side channel for private key extraction [2,4]. Soon after that, several approaches are provided to address the CPU cache based timing channel on virtualization platforms such as CPU cache usage detection and measurement [11], CPU cache partition [12] by dynamic page coloring, CPU cache non-sharing via system level protection [13] and etc. Meanwhile, Wu [3] et al also explores a practical memory bus based covert timing channel among resource sharing VMs.…”

Section: Introductionmentioning

confidence: 99%

Exploring Virtual Machine Covert Channel via I/O Performance Interference

Yang¹,

Chen²

2013

2013 International Conference on Cloud Computing and Big Data

View full text Add to dashboard Cite

The weakness of performance isolation in system virtualization leaks a time window for various kinds of attacks which can be leveraged by malicious users to threaten the security of the virtual machines (VMs) atop or construct hidden information channel. In this paper, we propose vLeaker, a practical covert timing channel built on fine-grained VM I/O performance interference, by which VMs co-resident in storage aspect can exchange the information with relatively high transmission speed and low data error rate. We evaluate our vLeaker system on Xen and VMware hypervisor and show that the maximal transmission rate can arrive at 125 bps on our local testbed. Moreover, the effective transmission rate ranges from 72 to 124 bps with average error rate lower than 13% under different configurations.

show abstract

“…More cloud-computing oriented research on the mitigation of side-channel attacks was introduced in [38]. This paper proposed an approach that leverages dynamic cache coloring.…”

Section: Side-channel Attacksmentioning

confidence: 99%

Securing the Cloud: Threats, Attacks and Mitigation Techniques

Alani

2014

JACST

View full text Add to dashboard Cite

This paper is aimed to present information about the most current threats and attacks on cloud computing, as well as security measures. The paper discusses threats and attacks that are most effective on cloud computing such as data breach, data loss, service traffic hijacking..etc. The severity and effect of these attacks are discussed along with real-life examples of these attacks. The paper also suggests mitigation techniques that can be used to reduce or eliminate the risk of the threats discussed. In addition, general cloud security recommendations are given.

show abstract

Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring

Cited by 119 publications

References 11 publications

Virtual machine allocation policies against co-resident attacks in cloud computing

Virtual machine allocation policies against co-resident attacks in cloud computing

Exploring Virtual Machine Covert Channel via I/O Performance Interference

Securing the Cloud: Threats, Attacks and Mitigation Techniques

Contact Info

Product

Resources

About