Title :
Exploring Virtual Machine Covert Channel via I/O Performance Interference
Author :
Ziye Yang ; Ping Chen
Author_Institution :
EMC Labs. China, China
Abstract :
Weak performance isolation in system virtualization opens a time window for various kinds of attacks, which malicious users can leverage to threaten the security of the virtual machines (VMs) running on top of it or to construct a hidden information channel. In this paper, we propose vLeaker, a practical covert timing channel built on fine-grained VM I/O performance interference, by which VMs that are co-resident with respect to storage can exchange information at a relatively high transmission speed and with a low data error rate. We evaluate our vLeaker system on the Xen and VMware hypervisors and show that the maximal transmission rate can reach 125 bps on our local test bed. Moreover, the effective transmission rate ranges from 72 to 124 bps with an average error rate lower than 13% under different configurations.
Keywords :
cloud computing; performance evaluation; security of data; storage management; virtual machines; virtualisation; VM security; VMware hypervisor; Xen hypervisor; average error rate; fine-grained VM input performance interference; fine-grained VM output performance interference; hidden information channel; local testbed; low data error rate; malicious users; maximal transmission rate; practical covert timing channel; system virtualization; time window; transmission speed; vLeaker; virtual machine covert channel; virtual machine security; Error analysis; Interference; Kernel; Observers; Protocols; Timing; Virtualization; VM I/O covert channel; VM I/O performance interference; VM I/O security;
Conference_Title :
Cloud Computing and Big Data (CloudCom-Asia), 2013 International Conference on
Conference_Location :
Fuzhou
Print_ISBN :
978-1-4799-2829-3
DOI :
10.1109/CLOUDCOM-ASIA.2013.62