Mitigating Timing Channels in Clouds using StopWatch∗

This paper presents StopWatch , a system that defends against timing-based side-channel attacks that arise from coresidency of victims and attackers in infrastructureas-a-service clouds. StopWatch triplicates each cloudresident guest virtual machine (VM) and places replicas so that the three replicas of a guest VM are coresident with nonoverlapping sets of (replicas of) other VMs. StopWatch uses the timing of events at a VM’s replicas collectively to determine the timings observed by each one or by an external observer, so that observable timing behaviors could have been observed in the absence of any other individual, coresident VM. We detail the design and implementation of StopWatch in Xen, evaluate the factors that influence its performance, and address the problem of placing VM replicas in a cloud under the constraints of StopWatch so as to still enable adequate cloud utilization.