Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Information and Operational Technology Security Systems

IOSec 2018: Information and Operational Technology Security Systems pp 27–38Cite as

Protecting Cloud-Based CIs: Covert Channel Vulnerabilities at the Resource Level

  • Conference paper
  • First Online:

  • 660 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11398))

Abstract

Critical Infrastructures (CIs) increasingly leverage Cloud computing given its benefits of on-demand scalability, high availability and cost efficiency. However, the Cloud is typically characterized by the co-location of users from varied security domains that also use shared computing resources. This introduces a number of resource/architecture-level vulnerabilities. For example, the usage of a basic shared storage component, such as a memory cache, can expose the entire Cloud system to security risks such as covert-channel attacks. The success of these exploits depends on various execution environment properties. Thus, providing means to assess the feasibility of these attacks in a specific execution environment and enabling postmortem analysis is needed.

While attacks at the architectural level represent a potent vulnerability to exfiltrate information, the low-level often get neglected with techniques such as intrusion detection focused more on the high-level network/middleware threats. Interestingly, cache-based covert-channel attacks are typically not detectable by traditional intrusion detection systems as covert channels do not obey any access rights or other security policies. This paper focuses on the information provided at the low architectural level to cope with the cache-based covert-channel threat. We propose the usage of feasibility metrics collected at the low level to monitor the core-private cache covert channel and, infer information regarding the probability of a covert-channel exploit happening. We also illustrate the applicability of the proposed feasibility metrics in a use case.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    CCAs and SCAs represent a threat to the Cloud settings despite the presumed secure isolation among the Cloud users.

  2. 2.

    The terms covert channel and side channel are used interchangeably within the paper.

References

  1. Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side—channel(s). In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_4

    Chapter  Google Scholar 

  2. Gartner, Inc.: Why a No-Cloud Policy Will Become Extinct (2016). https://www.gartner.com/smarterwithgartner/cloud-computing-predicts/. Accessed 10 July 2018

  3. Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. Cryptology ePrint Archive, Report 2013/857 (2013). http://eprint.iacr.org/

  4. HIMMS Analytics: 2014 HIMMS Analytics Cloud Survey (2014). https://www.himss.org/file/1308371/download?token=CBkkly5K. Accessed 07 July 2018

  5. Hlavacs, H., Treutner, T., Gelas, J.P., Lefevre, L., Orgerie, A.C.: Energy consumption side-channel attack at virtual machines in a cloud. In: Proceedings of the 2011 IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2011), pp. 605–612 (2011)

    Google Scholar 

  6. Hu, W.M.: Reducing timing channels with fuzzy time. In: Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 8–20, May 1991

    Google Scholar 

  7. Hu, W.M.: Lattice scheduling and covert channels. In: Proceedings of the 1992 IEEE Symposium on Security and Privacy, SP 1992, pp. 52–61. IEEE Computer Society, Washington (1992). http://dl.acm.org/citation.cfm?id=882488.884165

  8. Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Wait a minute! A fast, cross-VM attack on AES. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 299–319. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11379-1_15

    Chapter  Google Scholar 

  9. Kerrisk, M.: The Linux man-pages project (2013). http://man7.org/linux/man-pages/man7/sched.7.html. Accessed 02 July 2018

  10. Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: Proceedings of the 2015 IEEE Symposium on Security and Privacy, SP 2015, pp. 605–622. IEEE Computer Society, Washington, May 2015

    Google Scholar 

  11. Maurice, C., et al.: Hello from the other side: SSH over robust cache covert channels in the cloud. In: Proceedings of the 24th Annual Network and Distributed System Security Symposium, NDSS 2017 (2017)

    Google Scholar 

  12. Maurice, C., Neumann, C., Heen, O., Francillon, A.: C5: cross-cores cache covert channel. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 46–64. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20550-2_3

    Chapter  Google Scholar 

  13. Maurice, C., Le Scouarnec, N., Neumann, C., Heen, O., Francillon, A.: Reverse engineering intel last-level cache complex addressing using performance counters. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 48–65. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26362-5_3

    Chapter  Google Scholar 

  14. Mendelson, A., Suri, N.: Designing high-performance and reliable superscalar architectures: the out of order reliable superscalar (O3RS) Approach. In: Proceedings of the International Conference on Dependable Systems and Networks, DSN 2000, pp. 473–481. IEEE Computer Society, June 2000

    Google Scholar 

  15. Messerges, T., Dabbish, E., Sloan, R.: Investigations of power analysis attacks on smartcards. In: Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, WOST 1999, p. 17. USENIX Association, Berkeley (1999)

    Google Scholar 

  16. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, You, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 199–212. ACM, New York (2009)

    Google Scholar 

  17. Timor, A., Mendelson, A., Birk, Y., Suri, N.: Using underutilized CPU resources to enhance its reliability. IEEE Trans. Dependable Secure Comput. 7(1), 94–109 (2010)

    Article  Google Scholar 

  18. Varadarajan, V., Ristenpart, T., Swift, M.: Scheduler-based defenses against cross-VM side-channels. In: Proceedings of the 23rd USENIX Security Symposium, USENIX Security 2014, pp. 687–702. USENIX Association, San Diego (2014)

    Google Scholar 

  19. Vateva-Gurova, T., Luna, J., Pellegrino, G., Suri, N.: Towards a framework for assessing the feasibility of side-channel attacks in virtualized environments. In: Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, ICETE 2014, pp. 113–124. SciTePress (2014)

    Google Scholar 

  20. Vateva-Gurova, T., Suri, N., Mendelson, A.: The impact of hypervisor scheduling on compromising virtualized environments. In: Proceedings of the 2015 IEEE International Conference on Dependable, Autonomic and Secure Computing, DASC 2015, pp. 1910–1917 (2015)

    Google Scholar 

  21. VMware: additional transparent page sharing management capabilities and new default settings. Technical report 2097593, VMware. https://kb.vmware.com/s/article/2097593. Accessed 07 June 2018

  22. VMware: security considerations and disallowing inter-virtual machine transparent page sharing. Technical report 2080735, VMware. https://kb.vmware.com/s/article/2080735. Accessed 07 June 2018

  23. Xu, Y., Bailey, M., Jahanian, F., Joshi, K., Hiltunen, M., Schlichting, R.: An exploration of L2 cache covert channels in virtualized environments. In: Proceedings of the Workshop on Cloud Computing Security, pp. 29–40 (2011)

    Google Scholar 

  24. Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: Proceedings of the 23rd USENIX Security Symposium, USENIX Security 2014, pp. 719–732. USENIX Association, San Diego (2014)

    Google Scholar 

  25. Yarom, Y., Ge, Q., Liu, F., Lee, R.B., Heiser, G.: Mapping the intel last-level cache. IACR Cryptology ePrint Archive 2015, 905 (2015)

    Google Scholar 

  26. Zhang, Y., Juels, A., Reiter, M., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 305–316. ACM, New York (2012)

    Google Scholar 

Download references

Acknowledgements

Research supported in part by EC NECS GA#675320 and CIPSEC GA#700378.

Author information

Authors and Affiliations

  1. CS Department, Technische Universität Darmstadt, Darmstadt, Germany

    Tsvetoslava Vateva-Gurova, Salman Manzoor & Neeraj Suri

  2. Atos Research and Innovation, Madrid, Spain

    Ruben Trapero

Authors
  1. Tsvetoslava Vateva-Gurova
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Salman Manzoor
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ruben Trapero
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Neeraj Suri
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tsvetoslava Vateva-Gurova .

Editor information

Editors and Affiliations

  1. University of Patras, Patras, Greece

    Apostolos P. Fournaris

  2. University of Patras, Patras, Greece

    Konstantinos Lampropoulos

  3. Advanced Network Architectures Lab, Barcelona, Spain

    Eva Marín Tordera

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Vateva-Gurova, T., Manzoor, S., Trapero, R., Suri, N. (2019). Protecting Cloud-Based CIs: Covert Channel Vulnerabilities at the Resource Level. In: Fournaris, A., Lampropoulos, K., Marín Tordera, E. (eds) Information and Operational Technology Security Systems. IOSec 2018. Lecture Notes in Computer Science(), vol 11398. Springer, Cham. https://doi.org/10.1007/978-3-030-12085-6_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-12085-6_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12084-9

  • Online ISBN: 978-3-030-12085-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation