DocumentCode :
650595
Title :
A Server-Side Solution to Cache-Based Side-Channel Attacks in the Cloud
Author :
Godfrey, Michael ; Zulkernine, Mohammad
Author_Institution :
Sch. of Comput., Queen's Univ., Kingston, ON, Canada
fYear :
2013
fDate :
June 28 2013-July 3 2013
Firstpage :
163
Lastpage :
170
Abstract :
As Cloud services become more commonplace, recent work has uncovered vulnerabilities unique to Cloud systems. Specifically, the paradigm promotes a risk of information leakage across virtual machine isolation via side-channels. In this paper, we investigate the current state of side-channel vulnerabilities involving the CPU cache, and identify the shortcomings of traditional defenses in a Cloud environment. We explore why solutions to non-Cloud cache-based side-channels cease to work in Cloud environments, and develop a mitigation technique applicable for Cloud security. Applying this solution to a canonical Cloud environment, we demonstrate the validity of this Cloud-specific, cache-based side-channel mitigation technique. Furthermore, we show that it can be implemented as a server-side approach to improve security without inconveniencing the client. Finally, we conduct a comparison of our solution to the current state-of-the-art.
Keywords :
cache storage; cloud computing; security of data; virtual machines; CPU cache; cache-based side-channel attack; cache-based side-channel mitigation; canonical cloud environment; cloud security; cloud services; information leakage; server-side solution; side-channel vulnerability; virtual machine isolation; Clouds; Context; Hardware; Probes; Software; Switches; Virtual machine monitors; CPU Cache; Cloud Computing; Security; Server-Side Defense; Side-Channel Attack;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on
Conference_Location :
Santa Clara, CA
Print_ISBN :
978-0-7695-5028-2
Type :
conf
DOI :
10.1109/CLOUD.2013.21
Filename :
6676691