Virtualization Technology: Cross-VM Cache Side Channel Attacks make it Vulnerable
نویسندگان
چکیده
Cloud computing provides an effective business model for the deployment of IT infrastructure, platform, and software services. Often, facilities are outsourced to cloud providers and this offers the service consumer virtualization technologies without the added cost burden of development. However, virtualization introduces serious threats to service delivery such as Denial of Service (DoS) attacks, Cross-VM Cache Side Channel attacks, Hypervisor Escape and Hyper-jacking. One of the most sophisticated forms of attack is the cross-VM cache side channel attack that exploits shared cache memory between VMs. A cache side channel attack results in side channel data leakage, such as cryptographic keys. Various techniques used by the attackers to launch cache side channel attack are presented, as is a critical analysis of countermeasures against cache side channel attacks.
منابع مشابه
Pouring Cloud Virtualization Security Inside Out
In this article, virtualization security concerns in the cloud computing domain are reviewed. The focus is toward virtual machine (VM) security where attacks and vulnerabilities such as VM escape, VM hopping, cross-VM side-channel, VM-based rootkits (VMBRs), VM mobility, and VM remote are mentioned and discussed according to their relevance in the clouds. For each attack we outline how they aff...
متن کاملDefense against Cache-based Side Channel Attacks for Secure Cloud Computing
Cloud computing is a combination of various established technologies like virtualization, dynamic elasticity, broad band Internet, etc. to provide configurable computer resources as a service to the users. Resources are shared among many distrusting clients by abstracting the underlying infrastructure using virtualization. While cloud computing has many practical benefits, resource sharing in c...
متن کاملA Faster and More Realistic Flush+Reload Attack on AES
Cloud’s unrivaled cost effectiveness and on the fly operation versatility is attractive to enterprise and personal users. However, the cloud inherits a dangerous behavior from virtualization systems that poses a serious security risk: resource sharing. This work exploits a shared resource optimization technique called memory deduplication to mount a powerful known-ciphertext only cache side-cha...
متن کاملCache-based Side-channel Attacks in Multi-tenant Public Clouds and Their Countermeasures
Yinqian Zhang: Cache-based Side-Channel Attacks in Multi-Tenant Public Clouds and Their Countermeasures (Under the direction of Michael Reiter) Cloud computing is gaining traction due to the business agility, resource scalability and operational efficiency that it enables. However, the murkiness of the security assurances offered by public clouds to their tenants is one of the major impediments...
متن کاملFine grain Cross-VM Attacks on Xen and VMware are possible!
This work exposes further vulnerabilities in virtualized cloud servers by mounting Cross-VM cache attacks in Xen and VMware VMs targeting AES running in the victim VM. Even though there exists a rich literature on cache attacks on AES, so far only a single work, demonstrating a working attack on an ARM platform running a L4Re virtualization layer has been published. Here we show that AES in a n...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- CoRR
دوره abs/1606.01356 شماره
صفحات -
تاریخ انتشار 2016