Advertisement

Protecting Cloud-Based CIs: Covert Channel Vulnerabilities at the Resource Level

  • Tsvetoslava Vateva-GurovaEmail author
  • Salman Manzoor
  • Ruben Trapero
  • Neeraj Suri
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11398)

Abstract

Critical Infrastructures (CIs) increasingly leverage Cloud computing given its benefits of on-demand scalability, high availability and cost efficiency. However, the Cloud is typically characterized by the co-location of users from varied security domains that also use shared computing resources. This introduces a number of resource/architecture-level vulnerabilities. For example, the usage of a basic shared storage component, such as a memory cache, can expose the entire Cloud system to security risks such as covert-channel attacks. The success of these exploits depends on various execution environment properties. Thus, providing means to assess the feasibility of these attacks in a specific execution environment and enabling postmortem analysis is needed.

While attacks at the architectural level represent a potent vulnerability to exfiltrate information, the low-level often get neglected with techniques such as intrusion detection focused more on the high-level network/middleware threats. Interestingly, cache-based covert-channel attacks are typically not detectable by traditional intrusion detection systems as covert channels do not obey any access rights or other security policies. This paper focuses on the information provided at the low architectural level to cope with the cache-based covert-channel threat. We propose the usage of feasibility metrics collected at the low level to monitor the core-private cache covert channel and, infer information regarding the probability of a covert-channel exploit happening. We also illustrate the applicability of the proposed feasibility metrics in a use case.

Keywords

Information leakage Scheduling Side channels Covert channels Feasibility 

Notes

Acknowledgements

Research supported in part by EC NECS GA#675320 and CIPSEC GA#700378.

References

  1. 1.
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side—channel(s). In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-36400-5_4CrossRefGoogle Scholar
  2. 2.
    Gartner, Inc.: Why a No-Cloud Policy Will Become Extinct (2016). https://www.gartner.com/smarterwithgartner/cloud-computing-predicts/. Accessed 10 July 2018
  3. 3.
    Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. Cryptology ePrint Archive, Report 2013/857 (2013). http://eprint.iacr.org/
  4. 4.
    HIMMS Analytics: 2014 HIMMS Analytics Cloud Survey (2014). https://www.himss.org/file/1308371/download?token=CBkkly5K. Accessed 07 July 2018
  5. 5.
    Hlavacs, H., Treutner, T., Gelas, J.P., Lefevre, L., Orgerie, A.C.: Energy consumption side-channel attack at virtual machines in a cloud. In: Proceedings of the 2011 IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2011), pp. 605–612 (2011)Google Scholar
  6. 6.
    Hu, W.M.: Reducing timing channels with fuzzy time. In: Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 8–20, May 1991Google Scholar
  7. 7.
    Hu, W.M.: Lattice scheduling and covert channels. In: Proceedings of the 1992 IEEE Symposium on Security and Privacy, SP 1992, pp. 52–61. IEEE Computer Society, Washington (1992). http://dl.acm.org/citation.cfm?id=882488.884165
  8. 8.
    Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Wait a minute! A fast, cross-VM attack on AES. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 299–319. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-11379-1_15CrossRefGoogle Scholar
  9. 9.
    Kerrisk, M.: The Linux man-pages project (2013). http://man7.org/linux/man-pages/man7/sched.7.html. Accessed 02 July 2018
  10. 10.
    Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: Proceedings of the 2015 IEEE Symposium on Security and Privacy, SP 2015, pp. 605–622. IEEE Computer Society, Washington, May 2015Google Scholar
  11. 11.
    Maurice, C., et al.: Hello from the other side: SSH over robust cache covert channels in the cloud. In: Proceedings of the 24th Annual Network and Distributed System Security Symposium, NDSS 2017 (2017)Google Scholar
  12. 12.
    Maurice, C., Neumann, C., Heen, O., Francillon, A.: C5: cross-cores cache covert channel. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 46–64. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-20550-2_3CrossRefGoogle Scholar
  13. 13.
    Maurice, C., Le Scouarnec, N., Neumann, C., Heen, O., Francillon, A.: Reverse engineering intel last-level cache complex addressing using performance counters. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 48–65. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-26362-5_3CrossRefGoogle Scholar
  14. 14.
    Mendelson, A., Suri, N.: Designing high-performance and reliable superscalar architectures: the out of order reliable superscalar (O3RS) Approach. In: Proceedings of the International Conference on Dependable Systems and Networks, DSN 2000, pp. 473–481. IEEE Computer Society, June 2000Google Scholar
  15. 15.
    Messerges, T., Dabbish, E., Sloan, R.: Investigations of power analysis attacks on smartcards. In: Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, WOST 1999, p. 17. USENIX Association, Berkeley (1999)Google Scholar
  16. 16.
    Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, You, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 199–212. ACM, New York (2009)Google Scholar
  17. 17.
    Timor, A., Mendelson, A., Birk, Y., Suri, N.: Using underutilized CPU resources to enhance its reliability. IEEE Trans. Dependable Secure Comput. 7(1), 94–109 (2010)CrossRefGoogle Scholar
  18. 18.
    Varadarajan, V., Ristenpart, T., Swift, M.: Scheduler-based defenses against cross-VM side-channels. In: Proceedings of the 23rd USENIX Security Symposium, USENIX Security 2014, pp. 687–702. USENIX Association, San Diego (2014)Google Scholar
  19. 19.
    Vateva-Gurova, T., Luna, J., Pellegrino, G., Suri, N.: Towards a framework for assessing the feasibility of side-channel attacks in virtualized environments. In: Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, ICETE 2014, pp. 113–124. SciTePress (2014)Google Scholar
  20. 20.
    Vateva-Gurova, T., Suri, N., Mendelson, A.: The impact of hypervisor scheduling on compromising virtualized environments. In: Proceedings of the 2015 IEEE International Conference on Dependable, Autonomic and Secure Computing, DASC 2015, pp. 1910–1917 (2015)Google Scholar
  21. 21.
    VMware: additional transparent page sharing management capabilities and new default settings. Technical report 2097593, VMware. https://kb.vmware.com/s/article/2097593. Accessed 07 June 2018
  22. 22.
    VMware: security considerations and disallowing inter-virtual machine transparent page sharing. Technical report 2080735, VMware. https://kb.vmware.com/s/article/2080735. Accessed 07 June 2018
  23. 23.
    Xu, Y., Bailey, M., Jahanian, F., Joshi, K., Hiltunen, M., Schlichting, R.: An exploration of L2 cache covert channels in virtualized environments. In: Proceedings of the Workshop on Cloud Computing Security, pp. 29–40 (2011)Google Scholar
  24. 24.
    Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: Proceedings of the 23rd USENIX Security Symposium, USENIX Security 2014, pp. 719–732. USENIX Association, San Diego (2014)Google Scholar
  25. 25.
    Yarom, Y., Ge, Q., Liu, F., Lee, R.B., Heiser, G.: Mapping the intel last-level cache. IACR Cryptology ePrint Archive 2015, 905 (2015)Google Scholar
  26. 26.
    Zhang, Y., Juels, A., Reiter, M., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 305–316. ACM, New York (2012)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Tsvetoslava Vateva-Gurova
    • 1
    Email author
  • Salman Manzoor
    • 1
  • Ruben Trapero
    • 2
  • Neeraj Suri
    • 1
  1. 1.CS DepartmentTechnische Universität DarmstadtDarmstadtGermany
  2. 2.Atos Research and InnovationMadridSpain

Personalised recommendations