TY - JOUR
T1 - Cross-VM cache-based side channel attacks and proposed prevention mechanisms
T2 - A survey
AU - Anwar, Shahid
AU - Inayat, Zakira
AU - Zolkipli, Mohamad Fadli
AU - Zain, Jasni Mohamad
AU - Gani, Abdullah
AU - Anuar, Nor Badrul
AU - Khan, Muhammad Khurram
AU - Chang, Victor
N1 - Publisher Copyright: © 2017
PY - 2017/9/1
Y1 - 2017/9/1
AB - State-of-the-art Cloud Computing (CC) has become commercially popular for sharing resources among third-party applications. A cloud platform enables resource sharing among mutually distrusting CC clients and offers cost-effective, on-demand scaling. With the exponential growth of the CC environment, vulnerabilities in the prevailing cloud resources and their corresponding exploitation may potentially increase. Although CC provides numerous benefits to the cloud computing tenant, features such as resource sharing and Virtual Machine (VM) physical co-residency raise the potential for sensitive information leakage, such as through Side Channel (SC) attacks. In particular, the physical co-residency feature allows attackers to communicate with another VM on the same physical machine and leak confidential information due to inadequate logical isolation. Unlike encryption, which protects information from being decoded by unauthorized persons, SC attacks aim to exploit the encryption systems and to hide the occurrence of communication. SC attacks were initially identified as the main threat to multi-level secure systems, i.e. OS, database, and networks. More recently, the focus of researchers has shifted toward SC attacks in CC. Since the last level cache (L2 or L3) is always shared between VMs, it is the most targeted device for these attacks. Therefore, the aim of this article is to explore cross-VM SC attacks involving the CPU cache and their countermeasures in CC, and to compare them with traditional SC attacks and countermeasures. We categorized the SC attacks according to the hardware medium they target and exploit, the ways they access the module, and the method they use to extract confidential information. We identified that traditional prevention mechanisms for SC attacks are not appropriate for prevention of cross-VM cache-based SC attacks. We also proposed countermeasures for the prevention of these attacks in order to improve security in CC.
KW - Cache-based Side channel attacks
KW - Cloud computing
KW - Countermeasures
KW - Cross-VM Cache-based side channel attacks
UR - http://www.scopus.com/inward/record.url?scp=85021948534&partnerID=8YFLogxK
U2 - 10.1016/j.jnca.2017.06.001
DO - 10.1016/j.jnca.2017.06.001
M3 - Review article
AN - SCOPUS:85021948534
SN - 1084-8045
VL - 93
SP - 259
EP - 279
JO - Journal of Network and Computer Applications
JF - Journal of Network and Computer Applications
ER -