A note on the confinement problem
Communications of the ACM
Performance and scalability of EJB applications
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
IP covert timing channels: design and detection
Proceedings of the 11th ACM conference on Computer and communications security
Proceedings of the 44th annual Design Automation Conference
Detecting covert timing channels: an entropy-based approach
Proceedings of the 14th ACM conference on Computer and communications security
Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Proceedings of the 16th ACM conference on Computer and communications security
Communications of the ACM
Outlook: Cloudy with a Chance of Security Challenges and Improvements
IEEE Security and Privacy
Covert messaging through TCP timestamps
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Load-based covert channels between Xen virtual machines
Proceedings of the 2010 ACM Symposium on Applied Computing
NoHype: virtualized cloud infrastructure without the virtualization
Proceedings of the 37th annual international symposium on Computer architecture
Predictive black-box mitigation of timing channels
Proceedings of the 17th ACM conference on Computer and communications security
HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Whispers in the hyper-space: high-speed covert channel attacks in the cloud
Security'12 Proceedings of the 21st USENIX conference on Security symposium
STEALTHMEM: system-level protection against cache-based side channel attacks in the cloud
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Detecting co-residency with active traffic analysis techniques
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Are AES x86 cache timing attacks still feasible?
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Resource-freeing attacks: improve your cloud performance (at your neighbor's expense)
Proceedings of the 2012 ACM conference on Computer and communications security
Cross-VM side channels and their use to extract private keys
Proceedings of the 2012 ACM conference on Computer and communications security
A covert channel construction in a virtualized environment
Proceedings of the 2012 ACM conference on Computer and communications security
Cloudoscopy: services discovery and topology mapping
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
Small is better: avoiding latency traps in virtualized data centers
Proceedings of the 4th annual Symposium on Cloud Computing
TerraCheck: verification of dedicated cloud storage
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
| Hi-index | 0.00 |
Recent exploration into the unique security challenges of cloud computing have shown that when virtual machines belonging to different customers share the same physical machine, new forms of cross-VM covert channel communication arise. In this paper, we explore one of these threats, L2 cache covert channels, and demonstrate the limits of these this threat by providing a quantification of the channel bit rates and an assessment of its ability to do harm. Through progressively refining models of cross-VM covert channels from the derived maximums, to implementable channels in the lab, and finally in Amazon EC2 itself we show how a variety of factors impact our ability to create effective channels. While we demonstrate a covert channel with considerably higher bit rate than previously reported, we assess that even at such improved rates, the harm of data exfiltration from these channels is still limited to the sharing of small, if important, secrets such as private keys.