Final Report Survey on Cache Partition for Cloud Security Purpose

Cache-based side-channel is a behavior of cache memory which will possibly leak secret information. In cloud computing services, providers share physical resources, i.e. infrastructures, to support multi-tenancy of cloud platform, which will achieve high quality of cost efficiency, availability, and on-demand scaling. However, by sharing the infrastructure, sensitive data from individual users will leak to the public or some malicious user through hardware side-channels, such as the cache-based side-channel mentioned above. Side-channel attack through CPU-caches is usually leveraged by adversaries, such as Flush-Reload based side-channel attack in PaaS cloud computing services by Zhang et al. in 2014. By this survey, we aim at finding an effective way to mitigate the risk coming from shared cache. Recent years, concepts and techniques about cache partitioning are proposed. The general idea is to control the accessibility of running instances, such processes or VMs, to shared level cache, preventing the accessible region on the shared cache of each instance from overlapping.