StopWatch: A Cloud Architecture for Timing Channel Mitigation

StopWatch: A Cloud Architecture for Timing Channel Mitigation

This article presents StopWatch, a system that defends against timing-based side-channel attacks that arise from coresidency of victims and attackers in infrastructure-as-a-service clouds. StopWatch triplicates each cloud-resident guest virtual machine (VM) and places replicas so that the three repl...

Full description

Saved in:
Bibliographic Details
Main Authors: Li, Peng, GAO, Debin, Reiter, Michael K
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2014
Subjects:
Timing channels
clouds
replication
side channels
virtualization
Computer Sciences
Information Security
Systems Architecture
Online Access:https://ink.library.smu.edu.sg/sis_research/2525
https://ink.library.smu.edu.sg/context/sis_research/article/3525/viewcontent/tissec14.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-3525
record_format dspace
spelling sg-smu-ink.sis_research-35252015-11-17T16:31:36Z StopWatch: A Cloud Architecture for Timing Channel Mitigation Li, Peng GAO, Debin Reiter, Michael K This article presents StopWatch, a system that defends against timing-based side-channel attacks that arise from coresidency of victims and attackers in infrastructure-as-a-service clouds. StopWatch triplicates each cloud-resident guest virtual machine (VM) and places replicas so that the three replicas of a guest VM are coresident with nonoverlapping sets of (replicas of) other VMs. StopWatch uses the timing of I/O events at a VM’s replicas collectively to determine the timings observed by each one or by an external observer, so that observable timing behaviors are similarly likely in the absence of any other individual, coresident VMs. We detail the design and implementation of StopWatch in Xen, evaluate the factors that influence its performance, demonstrate its advantages relative to alternative defenses against timing side channels with commodity hardware, and address the problem of placing VM replicas in a cloud under the constraints of StopWatch so as to still enable adequate cloud utilization. 2014-11-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/2525 info:doi/10.1145/2670940 https://ink.library.smu.edu.sg/context/sis_research/article/3525/viewcontent/tissec14.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Timing channels clouds replication side channels virtualization Computer Sciences Information Security Systems Architecture
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Timing channels
clouds
replication
side channels
virtualization
Computer Sciences
Information Security
Systems Architecture
spellingShingle Timing channels
clouds
replication
side channels
virtualization
Computer Sciences
Information Security
Systems Architecture
Li, Peng
GAO, Debin
Reiter, Michael K
StopWatch: A Cloud Architecture for Timing Channel Mitigation
description This article presents StopWatch, a system that defends against timing-based side-channel attacks that arise from coresidency of victims and attackers in infrastructure-as-a-service clouds. StopWatch triplicates each cloud-resident guest virtual machine (VM) and places replicas so that the three replicas of a guest VM are coresident with nonoverlapping sets of (replicas of) other VMs. StopWatch uses the timing of I/O events at a VM’s replicas collectively to determine the timings observed by each one or by an external observer, so that observable timing behaviors are similarly likely in the absence of any other individual, coresident VMs. We detail the design and implementation of StopWatch in Xen, evaluate the factors that influence its performance, demonstrate its advantages relative to alternative defenses against timing side channels with commodity hardware, and address the problem of placing VM replicas in a cloud under the constraints of StopWatch so as to still enable adequate cloud utilization.
format text
author Li, Peng
GAO, Debin
Reiter, Michael K
author_facet Li, Peng
GAO, Debin
Reiter, Michael K
author_sort Li, Peng
title StopWatch: A Cloud Architecture for Timing Channel Mitigation
title_short StopWatch: A Cloud Architecture for Timing Channel Mitigation
title_full StopWatch: A Cloud Architecture for Timing Channel Mitigation
title_fullStr StopWatch: A Cloud Architecture for Timing Channel Mitigation
title_full_unstemmed StopWatch: A Cloud Architecture for Timing Channel Mitigation
title_sort stopwatch: a cloud architecture for timing channel mitigation
publisher Institutional Knowledge at Singapore Management University
publishDate 2014
url https://ink.library.smu.edu.sg/sis_research/2525
https://ink.library.smu.edu.sg/context/sis_research/article/3525/viewcontent/tissec14.pdf
_version_ 1770572478225055744

Similar Items