Cache-Leakage Resilient OS Isolation in an Idealized Model of Virtualization

Barthe, Gilles; Betarte, Gustavo; Campo, Juan Diego; Luna, Carlos

doi:10.1109/csf.2012.17

Cited by 27 publications

(19 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In particular, aws of the virtualisation platform in place, may constitute the guest operating system (OS) vulnerable to side-channel attacks. For example, weak isolation between host and guest OSs may lead to a side-channel attack based on cache leakage [43].…”

Section: Vulnerabilitiymentioning

confidence: 99%

Security Challenges of Small Cell as a Service in Virtualized Mobile Edge Computing Environments

Panaousis

Mouratidis

2016

Information Security Theory and Practice

View full text Add to dashboard Cite

Abstract. Research on next-generation 5G wireless networks is currently attracting a lot of attention in both academia and industry. While 5G development and standardization activities are still at their early stage, it is widely acknowledged that 5G systems are going to extensively rely on dense small cell deployments, which would exploit infrastructure and network functions virtualization (NFV), and push the network intelligence towards network edges by embracing the concept of mobile edge computing (MEC). As security will be a fundamental enabling factor of small cell as a service (SCaaS) in 5G networks, we present the most prominent threats and vulnerabilities against a broad range of targets. As far as the related work is concerned, to the best of our knowledge, this paper is the rst to investigate security challenges at the intersection of SCaaS, NFV, and MEC. It is also the rst paper that proposes a set of criteria to facilitate a clear and e ective taxonomy of security challenges of main elements of 5G networks. Our analysis can serve as a staring point towards the development of appropriate 5G security solutions. These will have crucial e ect on legal and regulatory frameworks as well as on decisions of businesses, governments, and end-users.

show abstract

Section: Vulnerabilitiymentioning

confidence: 99%

Security Challenges of Small Cell as a Service in Virtualized Mobile Edge Computing Environments

Panaousis

Mouratidis

2016

Information Security Theory and Practice

View full text Add to dashboard Cite

show abstract

“…System security In order to achieve strong isolation, Barthe et al [3] present a model of virtualization which flushes the cache upon switching between guest operating systems. Flushing the cache in such scenarios is common and does not impact the already-costly context-switch.…”

Section: Related Workmentioning

confidence: 99%

A Library for Removing Cache-Based Attacks in Concurrent Information Flow Systems

Buiras

Levy

Stefan

et al. 2014

Trustworthy Global Computing

View full text Add to dashboard Cite

Abstract. Information-flow control (IFC) is a security mechanism conceived to allow untrusted code to manipulate sensitive data without compromising confidentiality. Unfortunately, untrusted code might exploit some covert channels in order to reveal information. In this paper, we focus on the LIO concurrent IFC system. By leveraging the effects of hardware caches (e.g., the CPU cache), LIO is susceptible to attacks that leak information through the internal timing covert channel. We present a resumption-based approach to address such attacks. Resumptions provide fine-grained control over the interleaving of thread computations at the library level. Specifically, we remove cache-based attacks by enforcing that every thread yield after executing an "instruction," i.e., atomic action. Importantly, our library allows for porting the full LIO libraryour resumption approach handles local state and exceptions, both features present in LIO. To amend for performance degradations due to the library-level thread scheduling, we provides two novel primitives. First, we supply a primitive for securely executing pure code in parallel. Second, we provide developers a primitive for controlling the granularity of "instructions"; this allows developers to adjust the frequency of context switching to suit application demands.

show abstract

“…System security In order to achieve strong isolation, Barthe et al [6] present a model of virtualization which flushes the cache upon switching between guest operating systems. Different from our scenario, flushing the cache in such scenarios is common and does not impact the already-costly context-switch.…”

Section: Related Workmentioning

confidence: 99%

“…For example, modifying an algorithm implementation, as in the case of AES [7], does not naturally generalize to arbitrary untrusted code. Similarly, flushing or disabling the cache when switching protection domains, as suggested in [6,49], is prohibitively expensive in systems like Hails, where context switches occur hundreds of times per second. Finally, relying on specialized hardware, such as partitioned caches [29], which isolate the effects of one partition from code using a different partition, restricts the deployability and scalability of the solution; partitioned caches are not readily available and often cannot be partitioned to an arbitrary security lattice.…”

Section: Introductionmentioning

confidence: 99%

Eliminating Cache-Based Timing Attacks with Instruction-Based Scheduling

Stefan

Buiras

Yang

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Information flow control allows untrusted code to access sensitive and trustworthy information without leaking this information. However, the presence of covert channels subverts this security mechanism, allowing processes to communicate information in violation of IFC policies. In this paper, we show that concurrent deterministic IFC systems that use time-based scheduling are vulnerable to a cache-based internal timing channel. We demonstrate this vulnerability with a concrete attack on Hails, one particular IFC web framework. To eliminate this internal timing channel, we implement instruction-based scheduling, a new kind of scheduler that is indifferent to timing perturbations from underlying hardware components, such as the cache, TLB, and CPU buses. We show this scheduler is secure against cache-based internal timing attacks for applications using a single CPU. To show the feasibility of instruction-based scheduling, we have implemented a version of Hails that uses the CPU retired-instruction counters available on commodity Intel and AMD hardware. We show that instruction-based scheduling does not impose significant performance penalties. Additionally, we formally prove that our modifications to Hails' underlying IFC system preserve non-interference in the presence of caches.

show abstract

Cache-Leakage Resilient OS Isolation in an Idealized Model of Virtualization

Cited by 27 publications

References 38 publications

Security Challenges of Small Cell as a Service in Virtualized Mobile Edge Computing Environments

Security Challenges of Small Cell as a Service in Virtualized Mobile Edge Computing Environments

A Library for Removing Cache-Based Attacks in Concurrent Information Flow Systems

Eliminating Cache-Based Timing Attacks with Instruction-Based Scheduling

Contact Info

Product

Resources

About