Wireless Personal Communications, Volume 97, Issue 3, pp 4827–4854

Preventing from Cross-VM Side-Channel Attack Using New Replacement Method

  • Sandeep Saxena
  • Goutam Sanyal
  • Shashank Srivastava
  • Ruhul Amin

Abstract

As Cloud services gain importance, many recent works have discovered vulnerabilities unique to such systems. Specifically, these systems carry a risk of information leakage across virtual machine isolation via side channels. A Cloud environment gives mutually distrusting clients simultaneous access to shared hardware, which can be termed the main reason for a side-channel attack (SCA). This paper investigates the current state of side-channel vulnerabilities involving the central processing unit cache and identifies the shortcomings of earlier defenses in a Cloud environment. Through a cache-based SCA, an attacker can easily collect fine-grained information and use it to infer meaningful results such as a secret key. In this article, we detect the SCA at an earlier stage through flush-reload based statistical techniques which exploit the vulnerabilities of the Square and Multiply algorithm. Upon detection of an SCA, we propose a random permutation function for cache mapping to hide the pattern of the cache replacement policy. Additionally, we use the concepts of hypothesis testing, deterministic formalism, and information theory to validate our approach.

Keywords

Side channel attack (SCA); Cloud computing; Virtualization; Random permutation cache

Notes

Compliance with Ethical Standards

Conflict of interest

The authors declare that they have no conflict of interest.

Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  1. NIT Durgapur, Durgapur, India
  2. MNNIT Allahabad, Allahabad, India
  3. Thapar University, Patiala, India
