Determinating timing channels in compute clouds

Aviram, Amittai; Hu, Sen; Ford, Bryan; Gummadi, Ramakrishna

doi:10.1145/1866835.1866854

Cited by 93 publications

(49 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Various countermeasures to cache-based side channels (not necessarily Flush-Reload channels) have been proposed in IaaS cloud contexts [31,4,36,18,41,19,35]. However, none of these is applicable to our attacks.…”

Section: Countermeasuresmentioning

confidence: 99%

Cross-Tenant Side-Channel Attacks in PaaS Clouds

Zhang

Juels

Reiter

et al. 2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

269

159

View full text Add to dashboard Cite

We present a new attack framework for conducting cachebased side-channel attacks and demonstrate this framework in attacks between tenants on commercial Platform-as-aService (PaaS) clouds. Our framework uses the FlushReload attack of Gullasch et al. as a primitive, and extends this work by leveraging it within an automaton-driven strategy for tracing a victim's execution. We leverage our framework first to confirm co-location of tenants and then to extract secrets across tenant boundaries. We specifically demonstrate attacks to collect potentially sensitive application data (e.g., the number of items in a shopping cart), to hijack user accounts, and to break SAML single sign-on. To the best of our knowledge, our attacks are the first granular, cross-tenant, side-channel attacks successfully demonstrated on state-of-the-art commercial clouds, PaaS or otherwise.

show abstract

Section: Countermeasuresmentioning

confidence: 99%

Cross-Tenant Side-Channel Attacks in PaaS Clouds

Zhang

Juels

Reiter

et al. 2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

269

159

View full text Add to dashboard Cite

show abstract

“…In [27], there is an example of VM side-channel attack and how the attacker can infer some information about a victim. The timing side channel attack is one kind of VM side channel attacks [28]. This attack is based on determining the time needed by various computations.…”

Section: A Cross Virtual Machine(vm) Side-channel Attacksmentioning

confidence: 99%

“…This attack is based on determining the time needed by various computations. Determining this time can lead to leaking sensitive information such as described in [28]. This attack can help in leaking some sensitive information such as to the one who performs this computation or sometimes leaking information out of cloud provider itself.…”

Section: A Cross Virtual Machine(vm) Side-channel Attacksmentioning

confidence: 99%

Data Security, Privacy, Availability and Integrity in Cloud Computing: Issues and Current Solutions

Aldossary¹,

Allen²

2016

ijacsa

110

View full text Add to dashboard Cite

Abstract-Cloud computing changed the world around us. Now people are moving their data to the cloud since data is getting bigger and needs to be accessible from many devices. Therefore, storing the data on the cloud becomes a norm. However, there are many issues that counter data stored in the cloud starting from virtual machine which is the mean to share resources in cloud and ending on cloud storage itself issues. In this paper, we present those issues that are preventing people from adopting the cloud and give a survey on solutions that have been done to minimize risks of these issues. For example, the data stored in the cloud needs to be confidential, preserving integrity and available. Moreover, sharing the data stored in the cloud among many users is still an issue since the cloud service provider is untrustworthy to manage authentication and authorization. In this paper, we list issues related to data stored in cloud storage and solutions to those issues which differ from other papers which focus on cloud as general.

show abstract

“…Research on timing channels and their determination in cloud computing was conducted in [36]. This research proposed using provider-enforced deterministic execution as a replacement of resource partitioning to eliminate timing channels within a shared cloud domain.…”

Section: Side-channel Attacksmentioning

confidence: 99%

Securing the Cloud: Threats, Attacks and Mitigation Techniques

Alani

2014

JACST

View full text Add to dashboard Cite

This paper is aimed to present information about the most current threats and attacks on cloud computing, as well as security measures. The paper discusses threats and attacks that are most effective on cloud computing such as data breach, data loss, service traffic hijacking..etc. The severity and effect of these attacks are discussed along with real-life examples of these attacks. The paper also suggests mitigation techniques that can be used to reduce or eliminate the risk of the threats discussed. In addition, general cloud security recommendations are given.

show abstract

Determinating timing channels in compute clouds

Cited by 93 publications

References 37 publications

Cross-Tenant Side-Channel Attacks in PaaS Clouds

Cross-Tenant Side-Channel Attacks in PaaS Clouds

Data Security, Privacy, Availability and Integrity in Cloud Computing: Issues and Current Solutions

Securing the Cloud: Threats, Attacks and Mitigation Techniques

Contact Info

Product

Resources

About