Porous Alumina Template based Versatile and Controllable Direct Synthesis of Silicon nanowires

While cloud computing has facilitated easy and affordable access to IT resources, it has also introduced a wide range of security risks from almost every layer and component of cloud systems. In this paper, we focus on one risk at the virtual machine level and the co-resident attack, where by constructing various types of side channels, malicious users can obtain sensitive information from other virtual machines that co-locate on the same physical server. Most previous work has focused on the elimination of side channels, or more generally speaking, the possible countermeasures after attackers co-locate with their targets. In contrast, we provide a different perspective, and propose a defence mechanism that makes it difficult and expensive for attackers to achieve co-residence in the first place. Specifically, we first identify the potential differences between the behaviors of attackers and legal users. Second, we apply clustering analysis and semi-supervised learning techniques to classify users. Third, we model the problem as a two-player security game, and give a detailed analysis of the optimum strategies for both players. Finally, we demonstrate that the attacker's overall cost is increased dramatically by one-to-two orders of magnitude as a result of our defence mechanism.

show abstract

Whispers in the Hyper-Space: High-Bandwidth and Reliable Covert Channel Attacks Inside the Cloud

Wu¹,

Wang

2015

IEEE/ACM Trans. Networking

155

201

View full text Add to dashboard Cite

Abstract-Privacy and information security in general are major concerns that impede enterprise adaptation of shared or public cloud computing. Specifically, the concern of virtual machine (VM) physical co-residency stems from the threat that hostile tenants can leverage various forms of side channels (such as cache covert channels) to exfiltrate sensitive information of victims on the same physical system. However, on virtualized x86 systems, covert channel attacks have not yet proven to be practical, and thus the threat is widely considered a "potential risk". In this paper, we present a novel covert channel attack that is capable of high-bandwidth and reliable data transmission in the cloud. We first study the application of existing cache channel techniques in a virtualized environment, and uncover their major insufficiency and difficulties. We then overcome these obstacles by (1) redesigning a pure timing-based data transmission scheme, and (2) exploiting the memory bus as a high-bandwidth covert channel medium. We further design and implement a robust communication protocol, and demonstrate realistic covert channel attacks on various virtualized x86 systems. Our experimental results show that covert channels do pose serious threats to information security in the cloud. Finally, we discuss our insights on covert channel mitigation in virtualized environments.

show abstract

Porous Alumina Template based Versatile and Controllable Direct Synthesis of Silicon nanowires

Cited by 6 publications

References 19 publications

Architecting the Autocuckoo Filter to Defend Against Cross-Core Cache Attacks

Architecting the Autocuckoo Filter to Defend Against Cross-Core Cache Attacks

A Game Theoretical Approach to Defend Against Co-Resident Attacks in Cloud Computing: Preventing Co-Residence Using Semi-Supervised Learning

Whispers in the Hyper-Space: High-Bandwidth and Reliable Covert Channel Attacks Inside the Cloud

Contact Info

Product

Resources

About