The Impact of Hypervisor Scheduling on Compromising Virtualized Environments

A virtualized environment (VE) is expected to provide secure logical isolation across the co-located tenants encapsulated in the virtual machines. In particular the VE should prevent covert-channels exploitation stemming from the usage of shared resources. However, as sophisticated covert-and side-channel attacks exist, the logical isolation in a VE is often considered insufficient to raise concerns about the security in VEs e.g., the Cloud. Technically, the actual feasibility of such attacks strongly depends on the specific context of the execution environment and the resource allocation schemas used in the virtualization solution. Addressing these VE aspects, we detail the effect of scheduling parameters on the noise (affecting the information leakage) in the covert-channel and empirically validate the impact on the feasibility of covert-channel attacks, using a real VE.