DocumentCode
650595
Title
A Server-Side Solution to Cache-Based Side-Channel Attacks in the Cloud
Author
Godfrey, Michael ; Zulkernine, Mohammad
Author_Institution
Sch. of Comput., Queen's Univ., Kingston, ON, Canada
fYear
2013
fDate
June 28 2013-July 3 2013
Firstpage
163
Lastpage
170
Abstract
As Cloud services become more commonplace, recent work has uncovered vulnerabilities unique to Cloud systems. Specifically, the paradigm promotes a risk of information leakage across virtual machine isolation via side-channels. In this paper, we investigate the current state of side-channel vulnerabilities involving the CPU cache, and identify the shortcomings of traditional defenses in a Cloud environment. We explore why solutions to non-Cloud cache-based side-channels cease to work in Cloud environments, and develop a mitigation technique applicable for Cloud security. Applying this solution to a canonical Cloud environment, we demonstrate the validity of this Cloud-specific, cache-based side-channel mitigation technique. Furthermore, we show that it can be implemented as a server-side approach to improve security without inconveniencing the client. Finally, we conduct a comparison of our solution to the current state-of-the-art.
Keywords
cache storage; cloud computing; security of data; virtual machines; CPU cache; cache-based side-channel attack; cache-based side-channel mitigation; canonical cloud environment; cloud security; cloud services; information leakage; server-side solution; side-channel vulnerability; virtual machine isolation; Clouds; Context; Hardware; Probes; Software; Switches; Virtual machine monitors; CPU Cache; Cloud Computing; Security; Server-Side Defense; Side-Channel Attack;
fLanguage
English
Publisher
ieee
Conference_Titel
Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on
Conference_Location
Santa Clara, CA
Print_ISBN
978-0-7695-5028-2
Type
conf
DOI
10.1109/CLOUD.2013.21
Filename
6676691