StopWatch: A Cloud Architecture for Timing Channel Mitigation

This article presents StopWatch, a system that defends against timing-based side-channel attacks that arise from coresidency of victims and attackers in infrastructure-as-a-service clouds. StopWatch triplicates each cloud-resident guest virtual machine (VM) and places replicas so that the three repl...

Bibliographic Details
Main Authors: Li, Peng, GAO, Debin, Reiter, Michael K
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2014
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/2525
https://ink.library.smu.edu.sg/context/sis_research/article/3525/viewcontent/tissec14.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-3525
record_format dspace
spelling sg-smu-ink.sis_research-3525 2015-11-17T16:31:36Z 2014-11-01T07:00:00Z text application/pdf info:doi/10.1145/2670940 http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Timing channels
clouds
replication
side channels
virtualization
Computer Sciences
Information Security
Systems Architecture
description This article presents StopWatch, a system that defends against timing-based side-channel attacks that arise from coresidency of victims and attackers in infrastructure-as-a-service clouds. StopWatch triplicates each cloud-resident guest virtual machine (VM) and places replicas so that the three replicas of a guest VM are coresident with nonoverlapping sets of (replicas of) other VMs. StopWatch uses the timing of I/O events at a VM’s replicas collectively to determine the timings observed by each one or by an external observer, so that observable timing behaviors are similarly likely in the absence of any other individual, coresident VMs. We detail the design and implementation of StopWatch in Xen, evaluate the factors that influence its performance, demonstrate its advantages relative to alternative defenses against timing side channels with commodity hardware, and address the problem of placing VM replicas in a cloud under the constraints of StopWatch so as to still enable adequate cloud utilization.
format text
author Li, Peng
GAO, Debin
Reiter, Michael K
title StopWatch: A Cloud Architecture for Timing Channel Mitigation
publisher Institutional Knowledge at Singapore Management University
publishDate 2014
url https://ink.library.smu.edu.sg/sis_research/2525
https://ink.library.smu.edu.sg/context/sis_research/article/3525/viewcontent/tissec14.pdf
_version_ 1770572478225055744