On the prevention of Cross-VM cache-based side channel attacks / Zakira Inayat

Zakira, Inayat (2017) On the prevention of Cross-VM cache-based side channel attacks / Zakira Inayat. PhD thesis, University of Malaya.

	PDF (The Candidate's Agreement) Restricted to Repository staff only Download (1688Kb)
Preview	PDF (Thesis PhD) Download (3452Kb) | Preview

Abstract

The state-of-the-art Cloud Computing (CC) has been commercially popular for shared resources of third party applications. A cloud platform enables to share resources among mutually distrusting CC clients and offers cost-effective, on-demand scaling. With the exponential growth of CC environment, vulnerabilities and their corresponding exploitation of the prevailing cloud resources may potentially increase. While it provides numerous benefits to the CC tenant, however, resource sharing and Virtual Machine (VM) physical co-residency raising the potential for sensitive information leakages such as side channel (SC) attacks. In particular, physical co-residency features allow attackers to communicate with another VM on the same physical machine and leak the confidential information due to inadequate logical isolation. We investigate SC attacks involving the CPU cache and identify that traditional prevention mechanisms for SC attacks are not appropriate for prevention of cross-VM cache-based SC attacks. We go on to demonstrate the prevention mechanisms, however, the existing prevention techniques either require the client to change the software or the underlying hardware and suffer from performance degradation leading to reduce cache usage and increase overhead. To address this problem and improve performance, we investigate that new technique such as dynamic cache partition is necessary to mitigate these sorts of attacks in a cloud environment which is hypervisor-based and does not need the client to change their software and the underlying hardware. Finally, we propose new hypervisor-based mitigation technique, implementing them in a state-of-the-art cloud system which guarantees the security and performance feature of the system. The proposed prevention mechanism is evaluated using various benchmarking experiments. The evaluation results show that merging our proposed method into hypervisor can prevent cross-VM cache-based SC attacks without affecting the performance of hypervisor. Our dynamic partitioned (HBP-DCP based) hypervisor improves the bearable load by increasing the number of request per second by 45% and by decreasing the average response time by 5.58%. Moreover, improve cache utilization that each VM has access to by increasing cache read/modify/write, cache read, and cache write bandwidth in combine by 53.5% and increasing the cache access time by 15.53%, as a result substantially increase the efficiency as significant.

Actions (For repository staff only : Login required)