Cross-VM Cache-based Side Channel Attacks and Proposed Prevention Mechanisms: A Survey

The state-of-the-art Cloud Computing (CC) has been commercially popular for shared resources of third party applications. A cloud platform enables to share resources among mutually distrusting CC clients and offers cost-effective, on-demand scaling. With the exponential growth of CC environment, vul...

Full description

Bibliographic Details
Main Authors: Shahid, Anwar, Mohamad Fadli, Zolkipli, Zakira, Inayat, Jasni, Mohamad Zain, Abdullah, Gani, Nor Badrul, Anuar, Khan, Muhammad Khurram, Chang, Victor
Format: Article
Language:English
English
Published: Elsevier Ltd 2017
Subjects:
Online Access:http://umpir.ump.edu.my/id/eprint/18325/
http://umpir.ump.edu.my/id/eprint/18325/
http://umpir.ump.edu.my/id/eprint/18325/
http://umpir.ump.edu.my/id/eprint/18325/1/Cross-VM%20cache-based%20side%20channel%20attacks%20and%20proposed%20prevention%20mechanisms-%20A%20survey.pdf
http://umpir.ump.edu.my/id/eprint/18325/2/Cross-VM%20cache-based%20side%20channel%20attacks%20and%20proposed%20prevention%20mechanisms-%20A%20survey%201.pdf
id ump-18325
recordtype eprints
spelling ump-183252019-10-15T07:03:25Z http://umpir.ump.edu.my/id/eprint/18325/ Cross-VM Cache-based Side Channel Attacks and Proposed Prevention Mechanisms: A Survey Shahid, Anwar Mohamad Fadli, Zolkipli Zakira, Inayat Jasni, Mohamad Zain Abdullah, Gani Nor Badrul, Anuar Khan, Muhammad Khurram Chang, Victor QA76 Computer software The state-of-the-art Cloud Computing (CC) has been commercially popular for shared resources of third party applications. A cloud platform enables to share resources among mutually distrusting CC clients and offers cost-effective, on-demand scaling. With the exponential growth of CC environment, vulnerabilities and their corresponding exploitation of the prevailing cloud resources may potentially increase. Although CC provides numerous benefits to the cloud computing tenant. However, features namely resource sharing and Virtual Machine (VM) physical co-residency raising the potential for sensitive information leakages such as Side Channel (SC) attacks. In particular, the physical co-residency feature allows attackers to communicate with another VM on the same physical machine and leak the confidential information due to inadequate logical isolation. Unlike encryption, which protects information from being decoded by unauthorized persons, SC attacks aim to exploit the encryption systems and to hide the occurrence of communication. SC attacks were initially identified as the main threat on multi-level secure systems i.e. OS, database, and networks. More recently, the focus of the researchers has shifted toward SC attacks in CC. Since the last level cache (L2 or L3) is always shared between VM, is the most targeting device for these attacks. Therefore, the aim of this article is to explore cross-VM SC attacks involving the CPU cache and their countermeasures in CC and to compare with the traditional SC attacks and countermeasures. We categorized the SC attacks according to the hardware medium they target and exploit, the ways they access the module and the method they use to extract confidential information. We identified that traditional prevention mechanisms for SC attacks are not appropriate for prevention of cross-VM cache-based SC attacks. We also proposed countermeasures for the prevention of these attacks in order to improve security in CC. Elsevier Ltd 2017 Article PeerReviewed application/pdf en http://umpir.ump.edu.my/id/eprint/18325/1/Cross-VM%20cache-based%20side%20channel%20attacks%20and%20proposed%20prevention%20mechanisms-%20A%20survey.pdf application/pdf en http://umpir.ump.edu.my/id/eprint/18325/2/Cross-VM%20cache-based%20side%20channel%20attacks%20and%20proposed%20prevention%20mechanisms-%20A%20survey%201.pdf Shahid, Anwar and Mohamad Fadli, Zolkipli and Zakira, Inayat and Jasni, Mohamad Zain and Abdullah, Gani and Nor Badrul, Anuar and Khan, Muhammad Khurram and Chang, Victor (2017) Cross-VM Cache-based Side Channel Attacks and Proposed Prevention Mechanisms: A Survey. Journal of Network and Computer Applications, 93. pp. 259-279. ISSN 1084-8045 https://doi.org/10.1016/j.jnca.2017.06.001 DOI: 10.1016/j.jnca.2017.06.001
repository_type Digital Repository
institution_category Local University
institution Universiti Malaysia Pahang
building UMP Institutional Repository
collection Online Access
language English
English
topic QA76 Computer software
spellingShingle QA76 Computer software
Shahid, Anwar
Mohamad Fadli, Zolkipli
Zakira, Inayat
Jasni, Mohamad Zain
Abdullah, Gani
Nor Badrul, Anuar
Khan, Muhammad Khurram
Chang, Victor
Cross-VM Cache-based Side Channel Attacks and Proposed Prevention Mechanisms: A Survey
description The state-of-the-art Cloud Computing (CC) has been commercially popular for shared resources of third party applications. A cloud platform enables to share resources among mutually distrusting CC clients and offers cost-effective, on-demand scaling. With the exponential growth of CC environment, vulnerabilities and their corresponding exploitation of the prevailing cloud resources may potentially increase. Although CC provides numerous benefits to the cloud computing tenant. However, features namely resource sharing and Virtual Machine (VM) physical co-residency raising the potential for sensitive information leakages such as Side Channel (SC) attacks. In particular, the physical co-residency feature allows attackers to communicate with another VM on the same physical machine and leak the confidential information due to inadequate logical isolation. Unlike encryption, which protects information from being decoded by unauthorized persons, SC attacks aim to exploit the encryption systems and to hide the occurrence of communication. SC attacks were initially identified as the main threat on multi-level secure systems i.e. OS, database, and networks. More recently, the focus of the researchers has shifted toward SC attacks in CC. Since the last level cache (L2 or L3) is always shared between VM, is the most targeting device for these attacks. Therefore, the aim of this article is to explore cross-VM SC attacks involving the CPU cache and their countermeasures in CC and to compare with the traditional SC attacks and countermeasures. We categorized the SC attacks according to the hardware medium they target and exploit, the ways they access the module and the method they use to extract confidential information. We identified that traditional prevention mechanisms for SC attacks are not appropriate for prevention of cross-VM cache-based SC attacks. We also proposed countermeasures for the prevention of these attacks in order to improve security in CC.
format Article
author Shahid, Anwar
Mohamad Fadli, Zolkipli
Zakira, Inayat
Jasni, Mohamad Zain
Abdullah, Gani
Nor Badrul, Anuar
Khan, Muhammad Khurram
Chang, Victor
author_facet Shahid, Anwar
Mohamad Fadli, Zolkipli
Zakira, Inayat
Jasni, Mohamad Zain
Abdullah, Gani
Nor Badrul, Anuar
Khan, Muhammad Khurram
Chang, Victor
author_sort Shahid, Anwar
title Cross-VM Cache-based Side Channel Attacks and Proposed Prevention Mechanisms: A Survey
title_short Cross-VM Cache-based Side Channel Attacks and Proposed Prevention Mechanisms: A Survey
title_full Cross-VM Cache-based Side Channel Attacks and Proposed Prevention Mechanisms: A Survey
title_fullStr Cross-VM Cache-based Side Channel Attacks and Proposed Prevention Mechanisms: A Survey
title_full_unstemmed Cross-VM Cache-based Side Channel Attacks and Proposed Prevention Mechanisms: A Survey
title_sort cross-vm cache-based side channel attacks and proposed prevention mechanisms: a survey
publisher Elsevier Ltd
publishDate 2017
url http://umpir.ump.edu.my/id/eprint/18325/
http://umpir.ump.edu.my/id/eprint/18325/
http://umpir.ump.edu.my/id/eprint/18325/
http://umpir.ump.edu.my/id/eprint/18325/1/Cross-VM%20cache-based%20side%20channel%20attacks%20and%20proposed%20prevention%20mechanisms-%20A%20survey.pdf
http://umpir.ump.edu.my/id/eprint/18325/2/Cross-VM%20cache-based%20side%20channel%20attacks%20and%20proposed%20prevention%20mechanisms-%20A%20survey%201.pdf
first_indexed 2023-09-18T22:25:54Z
last_indexed 2023-09-18T22:25:54Z
_version_ 1777415963760656384