Standards and architecture for token-ring local area networks
ACM '86 Proceedings of 1986 ACM Fall joint computer conference
A note on the confinement problem
Communications of the ACM
Lattice Scheduling and Covert Channels
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
On Introducing Noise into the Bus-Contention Channel
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
CITC5 '04 Proceedings of the 5th conference on Information technology education
IP covert timing channels: design and detection
Proceedings of the 11th ACM conference on Computer and communications security
Covert and Side Channels Due to Processor Architecture
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Information security technology?...don't rely on it: a case study in social engineering
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
A novel cache architecture with enhanced performance and security
Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Proceedings of the 16th ACM conference on Computer and communications security
Managing security of virtual machine images in a cloud environment
Proceedings of the 2009 ACM workshop on Cloud computing security
Satori: enlightened page sharing
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
Covert channels through external interference
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
An exploration of L2 cache covert channels in virtualized environments
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
AmazonIA: when elasticity snaps back
Proceedings of the 18th ACM conference on Computer and communications security
TerraCheck: verification of dedicated cloud storage
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
| Hi-index | 0.00 |
Information security and privacy in general are major concerns that impede enterprise adaptation of shared or public cloud computing. Specifically, the concern of virtual machine (VM) physical co-residency stems from the threat that hostile tenants can leverage various forms of side channels (such as cache covert channels) to exfiltrate sensitive information of victims on the same physical system. However, on virtualized ×86 systems, covert channel attacks have not yet proven to be practical, and thus the threat is widely considered a "potential risk". In this paper, we present a novel covert channel attack that is capable of high-bandwidth and reliable data transmission in the cloud. We first study the application of existing cache channel techniques in a virtualized environment, and uncover their major insufficiency and difficulties. We then overcome these obstacles by (1) redesigning a pure timing-based data transmission scheme, and (2) exploiting the memory bus as a high-bandwidth covert channel medium. We further design and implement a robust communication protocol, and demonstrate realistic covert channel attacks on various virtualized ×86 systems. Our experiments show that covert channels do pose serious threats to information security in the cloud. Finally, we discuss our insights on covert channel mitigation in virtualized environments.