Title :
Preventing Cache-Based Side-Channel Attacks in a Cloud Environment
Author :
Godfrey, Michael ; Zulkernine, Mohammad
Author_Institution :
Sch. of Comput., Queen's Univ., Kingston, ON, Canada
Abstract :
Cloud computing is a unique technique for outsourcing and aggregating computational hardware needs. By abstracting the underlying machines, cloud computing is able to share resources among multiple mutually distrusting clients. While there are numerous practical benefits to this system, this kind of resource sharing enables new forms of information leakage such as hardware side-channels. In this paper, we investigate the usage of CPU-cache-based side-channels in the cloud and how they compare to traditional side-channel attacks. We go on to demonstrate that new techniques are necessary to mitigate these sorts of attacks in a cloud environment, and specify the requirements for such solutions. Finally, we design and implement two new cache-based side-channel mitigation techniques, implementing them in a state-of-the-art cloud system, and testing them against traditional cloud technology.
Keywords :
cache storage; cloud computing; cryptography; resource allocation; CPU-cache based side-channels; cache-based side-channel attack prevention; cloud computing; hardware side-channel; information leakage; resource sharing; Cache storage; Cloud computing; Computer security; Context modeling; Memory management; Switches; Virtual machine monitors; CPU cache; Cloud computing; parallel side-channel; performance; security; sequential side-channel; side-channel
Journal_Title :
Cloud Computing, IEEE Transactions on
DOI :
10.1109/TCC.2014.2358236