On the prevention of Cross-VM cache-based side channel attacks / Zakira Inayat
Main Author: | |
---|---|
Format: | Thesis |
Published: | 2017 |
Subjects: | |
Online Access: | http://studentsrepo.um.edu.my/8145/1/All.pdf http://studentsrepo.um.edu.my/8145/6/zakira.pdf http://studentsrepo.um.edu.my/8145/ |
Institution: | Universiti Malaya |
Summary: | State-of-the-art Cloud Computing (CC) has been commercially popular for the shared resources of third-party applications. A cloud platform enables resource sharing among mutually distrusting CC clients and offers cost-effective, on-demand scaling. With the exponential growth of the CC environment, vulnerabilities in the prevailing cloud resources and their corresponding exploitation may increase. While CC provides numerous benefits to the tenant, resource sharing and Virtual Machine (VM) physical co-residency raise the potential for sensitive information leakage, such as through side channel (SC) attacks. In particular, physical co-residency features allow attackers to communicate with another VM on the same physical machine and leak confidential information due to inadequate logical isolation. We investigate SC attacks involving the CPU cache and identify that traditional prevention mechanisms for SC attacks are not appropriate for the prevention of cross-VM cache-based SC attacks. We go on to demonstrate the prevention mechanisms; however, the existing prevention techniques either require the client to change the software or the underlying hardware, and they suffer from performance degradation, leading to reduced cache usage and increased overhead. To address this problem and improve performance, we find that a new technique such as dynamic cache partitioning is necessary to mitigate these sorts of attacks in a cloud environment, one that is hypervisor-based and does not need the client to change their software or the underlying hardware. Finally, we propose a new hypervisor-based mitigation technique and implement it in a state-of-the-art cloud system, which guarantees the security and performance features of the system. The proposed prevention mechanism is evaluated using various benchmarking experiments. The evaluation results show that merging our proposed method into the hypervisor can prevent cross-VM cache-based SC attacks without affecting the performance of the hypervisor. Our dynamic partitioned (HBP-DCP based) hypervisor improves the bearable load by increasing the number of requests per second by 45% and by decreasing the average response time by 5.58%. Moreover, it improves the cache utilization that each VM has access to by increasing the combined cache read/modify/write, cache read, and cache write bandwidth by 53.5% and increasing the cache access time by 15.53%, which as a result substantially increases efficiency. |