An exploration of L2 cache covert channels in virtualized environments
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
Do you know where your cloud files are?
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
Whispers in the hyper-space: high-speed covert channel attacks in the cloud
Security'12 Proceedings of the 21st USENIX conference on Security symposium
STEALTHMEM: system-level protection against cache-based side channel attacks in the cloud
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Detecting co-residency with active traffic analysis techniques
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Resource-freeing attacks: improve your cloud performance (at your neighbor's expense)
Proceedings of the 2012 ACM conference on Computer and communications security
Cross-VM side channels and their use to extract private keys
Proceedings of the 2012 ACM conference on Computer and communications security
New approaches to security and availability for cloud data
Communications of the ACM
An experimental study of cascading performance interference in a virtualized environment
ACM SIGMETRICS Performance Evaluation Review
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Verification of data redundancy in cloud storage
Proceedings of the 2013 international workshop on Security in cloud computing
Implementing side-channel attacks on suggest boxes in web applications
Proceedings of the First International Conference on Security of Internet of Things
Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Cloudoscopy: services discovery and topology mapping
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
TerraCheck: verification of dedicated cloud storage
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
| Hi-index | 0.02 |
Security is a major barrier to enterprise adoption of cloud computing. Physical co-residency with other tenants poses a particular risk, due to pervasive virtualization in the cloud. Recent research has shown how side channels in shared hardware may enable attackers to exfiltrate sensitive data across virtual machines (VMs). In view of such risks, cloud providers may promise physically isolated resources to select tenants, but a challenge remains: Tenants still need to be able to verify physical isolation of their VMs. We introduce Home Alone, a system that lets a tenant verify its VMs' exclusive use of a physical machine. The key idea in Home Alone is to invert the usual application of side channels. Rather than exploiting a side channel as a vector of attack, Home Alone uses a side-channel (in the L2 memory cache) as a novel, defensive detection tool. By analyzing cache usage during periods in which "friendly" VMs coordinate to avoid portions of the cache, a tenant using Home Alone can detect the activity of a co-resident "foe" VM. Key technical contributions of Home Alone include classification techniques to analyze cache usage and guest operating system kernel modifications that minimize the performance impact of friendly VMs sidestepping monitored cache portions. Home Alone requires no modification of existing hyper visors and no special action or cooperation by the cloud provider.