On the Feasibility of Side-Channel Attacks in a Virtualized Environment

  • Tsvetoslava Vateva-GurovaEmail author
  • Jesus Luna
  • Giancarlo Pellegrino
  • Neeraj Suri
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 554)


The isolation among physically co-located virtual machines is an important prerequisite for ensuring the security in a virtualized environment (VE). The VE should prevent from exploitation of side-channels stemming from the usage of shared resources, being hardware or software. However, despite the presumed secure logical isolation, a possible information leakage beyond the boundaries of a virtual machine due to side-channel exploits is a key concern in the VE. Such exploits have been demonstrated in the academic world during the last years. This paper takes into consideration the side-channel attacks threat, and points out that the feasibility of a SCA strongly depends on the specific context of the execution environment. The paper proposes a framework for feasibility assessment of SCAs using cache-based exploits as an example scenario. Furthermore, we provide a proof of concept to show how the feasibility of cache-based SCAs can be assessed using the proposed approach.


Feasibility analysis Feasibility factors Security classifications Side-channel attacks 



Research supported by TU Darmstadt’s project LOEWE- CASED and the Deutsche Forschungsgemeinschaft Graduiertenkolleg 1362 - DFG GRK 1362.


  1. 1.
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side—channel(s). In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003)Google Scholar
  2. 2.
    Amazon Web Services: Amazon Virtual Private Cloud User Guide-Dedicated Instances (2014).
  3. 3.
    Anderson, R., Bond, M., Clulow, J., Skorobogatov, S.: Cryptographic processors-a survey. Proc. IEEE 94(2), 357–369 (2006)CrossRefGoogle Scholar
  4. 4.
    Bauer, A., Jaulmes, E., Prouff, E., Wild, J.: Horizontal and vertical side-channel attacks against secure RSA implementations. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 1–17. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  5. 5.
    Carlier, V., Chabanne, H., Dottax, E., Pelletier, H.: Electromagnetic side channels of an FPGA implementation of AES. IACR Cryptology ePrint Archive, p. 145 (2004)Google Scholar
  6. 6.
    Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal correlation analysis on exponentiation. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 46–61. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  7. 7.
    Department of Defense: Trusted Computer System Evaluation Criteria. Technical report DoD 5200.28-STD, National Computer Security Center, Ft. Meade, MD 20755, also known as the “Orange Book”, December 1985Google Scholar
  8. 8.
    Figueiredo, R., Dinda, P.A., Fortes, J.: Guest editors’ introduction: resource virtualization renaissance. Computer 38(5), 28–31 (2005)CrossRefGoogle Scholar
  9. 9.
    Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. Cryptology ePrint Archive, Report 2013/857 (2013).
  10. 10.
    Hlavacs, H., Treutner, T., Gelas, J.P., Lefevre, L., Orgerie, A.C.: Energy consumption side-channel attack at virtual machines in a cloud. In: International Conference on Cloud and Green Computing (CGC 2011) (2011)Google Scholar
  11. 11.
    Intel Corporation: Secure the enterprise with Intel AES-NI. (2010). Last Accessed on 22 April 2014
  12. 12.
    Kim, T., Peinado, M., Mainar-Ruiz, G.: STEALTHMEM: system-level protection against cache-based side channel attacks in the cloud. In: USENIX Security Symposium, p. 11. USENIX Association (2012)Google Scholar
  13. 13.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996) Google Scholar
  14. 14.
    Li, P., Gao, D., Reiter, M.K.: Mitigating access-driven timing channels in clouds using StopWatch. In: DSN, pp. 1–12. IEEE (2013)Google Scholar
  15. 15.
    Marty, M., Hill, M.: Virtual hierarchies to support server consolidation. SIGARCH Comput. Archit. News 35(2), 46–56 (2007)CrossRefGoogle Scholar
  16. 16.
    Mell, P., Grance, T.: The NIST Definition of Cloud Computing. Technical report 800–145, National Institute of Standards and Technology (NIST), September 2009Google Scholar
  17. 17.
    Messerges, T., Dabbish, E., Sloan, R.: Investigations of power analysis attacks on smartcards. In: USENIX WOST, p. 17. USENIX Association (1999)Google Scholar
  18. 18.
    Mowery, K., Keelveedhi, S., Shacham, H.: Are AES x86 cache timing attacks still feasible? In: CCSW, pp. 19–24. ACM (2012)Google Scholar
  19. 19.
    Padala, P., Zhu, X., Wang, Z., Singhal, S., Shin, K.: Performance Evaluation of Virtualization Technologies for Server Consolidation. Technical report HPL-2007-59, HP Laboratories Palo Alto (2007)Google Scholar
  20. 20.
    Pearce, M., Zeadally, S., Hunt, R.: Virtualization: issues, security threats, and solutions. ACM Comput. Surv. 45(2), 17:1–17:39 (2013)CrossRefGoogle Scholar
  21. 21.
    Percival, C.: Cache missing for fun and profit. In: The Technical BSC Conference (BSDCan) (2005)Google Scholar
  22. 22.
    Popek, G., Goldberg, R.: Formal requirements for virtualizable third generation architectures. Commun. ACM 17(7), 412–421 (1974)zbMATHMathSciNetCrossRefGoogle Scholar
  23. 23.
    Ratanpal, G.B., Williams, R., Blalock, T.: An on-chip signal suppression countermeasure to power analysis attacks. Dependable Secure Comput. 1(3), 179–189 (2004)CrossRefGoogle Scholar
  24. 24.
    Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: CCS, pp. 199–212. ACM (2009)Google Scholar
  25. 25.
    Schneier, B.: Attack trees. Dr. Dobb’s J. 24(12), 21–29 (1999)Google Scholar
  26. 26.
    Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on SSH. In: USENIX Security Symposium, p. 25. USENIX Association (2001)Google Scholar
  27. 27.
    Stefan, D., Buiras, P., Yang, E.Z., Levy, A., Terei, D., Russo, A., Mazières, D.: Eliminating cache-based timing attacks with instruction-based scheduling. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 718–735. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  28. 28.
    Tiri, K., Hwang, D., Hodjat, A., Lai, B., Yang, S., Schaumont, P., Verbauwhede, I.: A side-channel leakage free coprocessor IC in 0.18 \(\mu \)m CMOS for embedded AES-based cryptographic and biometric processing. In: Design Automation Conference, pp. 222–227, June 2005Google Scholar
  29. 29.
    Uddin, M., Rahman, A.A.: Server consolidation: an approach to make data centers energy efficient and green. Int. J. Eng. Sci. Res. 1 (2010)Google Scholar
  30. 30.
    Wu, Z., Xu, Z., Wang, H.: Whispers in the hyper-space: high-speed covert channel attacks in the cloud. In: USENIX Security Symposium, p. 9. USENIX Association (2012)Google Scholar
  31. 31.
    Xu, Y., Bailey, M., Jahanian, F., Joshi, K., Hiltunen, M., Schlichting, R.: An exploration of L2 cache covert channels in virtualized environments. In: CCSW, pp. 29–40. ACM (2011)Google Scholar
  32. 32.
    Yarom, Y., Falkner, K.: Flush+Reload: a high resolution, low noise, L3 cache side-channel attack. IACR Cryptology ePrint Archive (2013)Google Scholar
  33. 33.
    Zhang, Y., Juels, A., Reiter, M., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: CCS, pp. 305–316. ACM (2012)Google Scholar
  34. 34.
    Zhou, Y., DengGuo, F.: Side-channel attacks: ten years after its publication and the impacts on cryptographic module security testing. Cryptology ePrint Archive, Report 2005/388 (2005)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Tsvetoslava Vateva-Gurova
    • 1
    Email author
  • Jesus Luna
    • 1
    • 2
  • Giancarlo Pellegrino
    • 1
  • Neeraj Suri
    • 1
  1. 1.Department of CSTU DarmstadtDarmstadtGermany
  2. 2.Cloud Security AllianceEdinburghUK

Personalised recommendations