• DocumentCode
    71653
  • Title

    Preventing Cache-Based Side-Channel Attacks in a Cloud Environment

  • Author

    Godfrey, Michael ; Zulkernine, Mohammad

  • Author_Institution
    Sch. of Comput., Queen's Univ., Kingston, ON, Canada
  • Volume
    2
  • Issue
    4
  • fYear
    2014
  • fDate
    Oct.-Dec. 1 2014
  • Firstpage
    395
  • Lastpage
    408
  • Abstract
    Cloud computing is a unique technique for outsourcing and aggregating computational hardware needs. By abstracting the underlying machines, cloud computing is able to share resources among multiple mutually distrusting clients. While there are numerous practical benefits to this system, this kind of resource sharing enables new forms of information leakage such as hardware side-channels. In this paper, we investigate the usage of CPU-cache based side-channels in the cloud and how they compare to traditional side-channel attacks. We go on to demonstrate that new techniques are necessary to mitigate these sorts of attacks in a cloud environment, and specify the requirements for such solutions. Finally, we design and implement two new cache-based side-channel mitigation techniques, implementing them in a state-of-the-art cloud system, and testing them against traditional cloud technology.
  • Keywords
    cache storage; cloud computing; cryptography; resource allocation; CPU-cache based side-channels; cache-based side-channel attack prevention; cloud computing; hardware side-channel; information leakage; resource sharing; Cache storage; Cloud computing; Computer security; Context modeling; Memory management; Switches; Virtual machine monitors; CPU cache; Cloud computing; parallel side-channel; performance; security; sequential side-channel; side-channel;
  • fLanguage
    English
  • Journal_Title
    Cloud Computing, IEEE Transactions on
  • Publisher
    IEEE
  • ISSN
    2168-7161
  • Type

    jour

  • DOI
    10.1109/TCC.2014.2358236
  • Filename
    6899633