
Preventing from Cross-VM Side-Channel Attack Using New Replacement Method

Wireless Personal Communications

Abstract

As Cloud services gain importance, many recent works have discovered vulnerabilities unique to such systems; in particular, they carry a risk of information leakage across virtual machine isolation via side-channels. A Cloud environment allows mutually distrusting clients to access shared hardware simultaneously, which is the main reason side-channel attacks (SCA) are possible. This paper investigates the current state of side-channel vulnerabilities involving the central processing unit cache and identifies the shortcomings of earlier defenses in a Cloud environment. Through a cache-based SCA, fine-grained information can be collected easily by an attacker, and this information may be used to infer meaningful results such as a secret key. In this article, we detect the SCA at an early stage through flush-reload based statistical techniques that exploit the vulnerabilities of the Square and Multiply algorithm. Upon detection of an SCA, we propose a random permutation function for cache mapping to hide the pattern of the cache replacement policy. Additionally, we use the concepts of hypothesis testing, deterministic formalism, and information theory to validate our approach.
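To make the abstract's mitigation concrete, the following added example (not code from the paper) models a toy set-associative cache and contrasts the conventional address-to-set mapping with a secret random permutation applied before the set index is taken. The permutation table, the seed, the cache geometry and the sample victim address are all constructed assumptions; the paper's actual permutation function is not reproduced here.

```python
import random

# Constructed toy last-level cache geometry; not the paper's evaluation platform.
LINE_BITS = 6                # 64-byte cache lines
SET_BITS = 10                # 1024 sets
NUM_SETS = 1 << SET_BITS
WAYS = 8
PERM_BITS = 16               # address field the secret permutation acts on
PERM_SIZE = 1 << PERM_BITS

def line_address(addr: int) -> int:
    """Drop the byte-within-line offset bits."""
    return addr >> LINE_BITS

def direct_set_index(addr: int) -> int:
    """Conventional mapping: a fixed bit field of the line address selects the set,
    so addresses that agree on those bits always contend for the same set."""
    return line_address(addr) & (NUM_SETS - 1)

def make_secret_permutation(seed: int) -> list:
    """Hypothetical stand-in for the paper's permutation: a secret random bijection
    on the low PERM_BITS of the line address, deliberately wider than the set index
    so that addresses sharing conventional index bits need not share a set."""
    table = list(range(PERM_SIZE))
    random.Random(seed).shuffle(table)   # seed stands in for a key the guest cannot see
    return table

def permuted_set_index(addr: int, perm: list) -> int:
    """Randomized mapping: permute first, then take the low SET_BITS as the set."""
    return perm[line_address(addr) & (PERM_SIZE - 1)] & (NUM_SETS - 1)

def conventional_eviction_candidates(victim_addr: int, ways: int = WAYS) -> list:
    """Lines that fill the victim's set under the conventional mapping: same index
    bits, spaced one full cache image apart so only the tag differs."""
    stride = NUM_SETS << LINE_BITS
    return [victim_addr + (k + 1) * stride for k in range(ways)]

def count_collisions(victim_addr: int, candidates: list, index_fn) -> int:
    """Number of candidates that really share the victim's set under index_fn."""
    target = index_fn(victim_addr)
    return sum(1 for a in candidates if index_fn(a) == target)

def compare_mappings(victim_addr: int, seed: int = 2017) -> tuple:
    """(collisions under conventional mapping, collisions under permuted mapping)."""
    perm = make_secret_permutation(seed)
    cands = conventional_eviction_candidates(victim_addr)
    return (count_collisions(victim_addr, cands, direct_set_index),
            count_collisions(victim_addr, cands, lambda a: permuted_set_index(a, perm)))
```

Under the conventional mapping all eight candidates share the victim's set, whereas under the permuted mapping each lands there only with probability about 1/1024, which is why a hidden mapping removes the predictable contention pattern the abstract refers to.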





Corresponding author

Correspondence to Sandeep Saxena.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.


Cite this article

Saxena, S., Sanyal, G., Srivastava, S. et al. Preventing from Cross-VM Side-Channel Attack Using New Replacement Method. Wireless Pers Commun 97, 4827–4854 (2017). https://doi.org/10.1007/s11277-017-4753-7


  • DOI: https://doi.org/10.1007/s11277-017-4753-7
