Skip to main content
SpringerLink
Log in

Cross-VM Attacks: Attack Taxonomy, Defense Mechanisms, and New Directions

  • Chapter
  • First Online:
Versatile Cybersecurity

Part of the book series: Advances in Information Security ((ADIS,volume 72))

Abstract

Cloud computing is a service which provides virtual machines (VMs) to the cloud customer with an ability to scale its resources on-demand. Cloud offers logical isolation among the VMs to isolate one VM from another VM. VMs running on the same physical server share the same resources. Hence, cross-VM attacks are possible in the multi-tenant virtualized environment. Most of the researchers focus on cross-VM attacks which primarily target the cache memory. There are additional attack instances which target other essential resources such as CPU, memory, I/O devices, and the cloud network. This chapter features a taxonomic classification of the cross-VM attacks and discusses the attacks space and the solution space to combat the cross-VM attacks. We also explain new sophistication in the cross-VM attack space and provide a comprehensive discussion to the solution design and guidelines.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Onur Acıiçmez, Çetin Kaya Koç, and Jean-Pierre Seifert. Predicting secret keys via branch prediction. In CT-RSA, volume 2007, pages 225–242. Springer, 2007.

    Google Scholar 

  2. Shahid Anwar, Zakira Inayat, Mohamad Fadli Zolkipli, Jasni Mohamad Zain, Abdullah Gani, Nor Badrul Anuar, Muhammad Khurram Khan, and Victor Chang. Cross-vm cache-based side channel attacks and proposed prevention mechanisms: A survey. Journal of Network and Computer Applications, 93:259–279, 2017.

    Article  Google Scholar 

  3. Aslan Askarov, Danfeng Zhang, and Andrew C Myers. Predictive black-box mitigation of timing channels. In Proceedings of the 17th ACM conference on Computer and communications security, pages 297–307. ACM, 2010.

    Google Scholar 

  4. Amittai Aviram, Sen Hu, Bryan Ford, and Ramakrishna Gummadi. Determinating timing channels in compute clouds. In Proceedings of the 2010 ACM workshop on Cloud computing security workshop, pages 103–108. ACM, 2010.

    Google Scholar 

  5. Andrey Bogdanov, Thomas Eisenbarth, Christof Paar, and Malte Wienecke. Differential cache-collision timing attacks on aes with applications to embedded cpus. In CT-RSA, volume 10, pages 235–251. Springer, 2010.

    Google Scholar 

  6. Ernie Brickell, Gary Graunke, Michael Neve, and Jean-Pierre Seifert. Software mitigations to hedge aes against cache-based software side channel vulnerabilities. IACR Cryptology ePrint Archive, 2006:52, 2006.

    Google Scholar 

  7. Ron C Chiang, Sundaresan Rajasekaran, Nan Zhang, and H Howie Huang. Swiper: Exploiting virtual machine vulnerability in third-party clouds with competition for i/o resources. IEEE Transactions on Parallel and Distributed Systems, 26(6):1732–1742, 2015.

    Article  Google Scholar 

  8. Cisco. 2017 annual cybersecurity report, January 2017. Available at https://engage2demand.cisco.com/en-us-annual-cybersecurity-report-2017.

  9. Stephen Crane, Andrei Homescu, Stefan Brunthaler, Per Larsen, and Michael Franz. Thwarting cache side-channel attacks through dynamic software diversity. In NDSS, pages 8–11, 2015.

    Google Scholar 

  10. Jean-Francois Dhem, Francois Koeune, Philippe-Alexandre Leroux, Patrick Mestré, Jean-Jacques Quisquater, and Jean-Louis Willems. A practical implementation of the timing attack. In International Conference on Smart Card Research and Advanced Applications, pages 167–182. Springer, 1998.

    Google Scholar 

  11. Craig Disselkoen, David Kohlbrenner, Leo Porter, and Dean Tullsen. Prime+abort: A timer-free high-precision l3 cache attack using intel tsx. In 26th USENIX Security Symposium (USENIX Security 17), Vancouver, BC, 2017. USENIX Association.

    Google Scholar 

  12. Xing Gao, Zhongshu Gu, Mehmet Kayaalp, Dimitrios Pendarakis, and Haining Wang. Containerleaks: Emerging security threats of information leakages in container clouds. In Dependable Systems and Networks (DSN), 2017 47th Annual IEEE/IFIP International Conference on, pages 237–248. IEEE, 2017.

    Google Scholar 

  13. Vinodh Gopal, James Guilford, Erdinc Ozturk, Wajdi Feghali, Gil Wolrich, and Martin Dixon. Fast and constant-time implementation of modular exponentiation. Embedded Systems and Communications Security, Niagara Falls, NY, US, 2009.

    Google Scholar 

  14. Sudhakar Govindavajhala and Andrew W Appel. Using memory errors to attack a virtual machine. In Security and Privacy, 2003. Proceedings. 2003 Symposium on, pages 154–165. IEEE, 2003.

    Google Scholar 

  15. Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard. Flush+ flush: a fast and stealthy cache attack. In Detection of Intrusions and Malware, and Vulnerability Assessment, pages 279–299. Springer, 2016.

    Google Scholar 

  16. David Gullasch, Endre Bangerter, and Stephan Krenn. Cache games–bringing access-based cache attacks on aes to practice. In Security and Privacy (SP), 2011 IEEE Symposium on, pages 490–505. IEEE, 2011.

    Google Scholar 

  17. Berk Gülmezoğlu, Mehmet Sinan Inci, Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. A faster and more realistic flush+ reload attack on aes. In International Workshop on Constructive Side-Channel Analysis and Secure Design, pages 111–126. Springer, 2015.

    Google Scholar 

  18. Yi Han, Jeffrey Chan, Tansu Alpcan, and Christopher Leckie. Using virtual machine allocation policies to defend against co-resident attacks in cloud computing. IEEE Transactions on Dependable and Secure Computing, 14(1):95–108, 2017.

    Google Scholar 

  19. Mehmet Sinan Inci, Berk Gulmezoglu, Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. Cache attacks enable bulk key recovery on the cloud. In International Conference on Cryptographic Hardware and Embedded Systems, pages 368–388. Springer, 2016.

    Google Scholar 

  20. Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. S $ a: a shared cache attack that works across cores and defies vm sandboxing–and its application to aes. In Security and Privacy (SP), 2015 IEEE Symposium on, pages 591–604. IEEE, 2015.

    Google Scholar 

  21. Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, and Berk Sunar. Fine grain cross-vm attacks on xen and vmware. In Big Data and Cloud Computing (BdCloud), 2014 IEEE Fourth International Conference on, pages 737–744. IEEE, 2014.

    Google Scholar 

  22. Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, and Berk Sunar. Wait a minute! a fast, cross-vm attack on aes. In International Workshop on Recent Advances in Intrusion Detection, pages 299–319. Springer, 2014.

    Google Scholar 

  23. Georgios Keramidas, Alexandros Antonopoulos, Dimitrios N Serpanos, and Stefanos Kaxiras. Non deterministic caches: A simple and effective defense against side channel attacks. Design Automation for Embedded Systems, 12(3):221–230, 2008.

    Article  Google Scholar 

  24. Taesoo Kim, Marcus Peinado, and Gloria Mainar-Ruiz. Stealthmem: System-level protection against cache-based side channel attacks in the cloud. In USENIX Security symposium, pages 189–204, 2012.

    Google Scholar 

  25. Paul C Kocher. Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In Annual International Cryptology Conference, pages 104–113. Springer, 1996.

    Google Scholar 

  26. Robert Könighofer. A fast and cache-timing resistant implementation of the aes. Topics in Cryptology–CT-RSA 2008, pages 187–202, 2008.

    MATH  Google Scholar 

  27. Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, and Stefan Mangard. Armageddon: Cache attacks on mobile devices. In USENIX Security Symposium, pages 549–564, 2016.

    Google Scholar 

  28. Alan Litchfield and Abid Shahzad. Virtualization technology: Cross-vm cache side channel attacks make it vulnerable. arXiv preprint arXiv:1606.01356, 2016.

    Google Scholar 

  29. Fangfei Liu, Qian Ge, Yuval Yarom, Frank Mckeen, Carlos Rozas, Gernot Heiser, and Ruby B Lee. Catalyst: Defeating last-level cache side channel attacks in cloud computing. In High Performance Computer Architecture (HPCA), 2016 IEEE International Symposium on, pages 406–418. IEEE, 2016.

    Google Scholar 

  30. Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B Lee. Last-level cache side-channel attacks are practical. In Security and Privacy (SP), 2015 IEEE Symposium on, pages 605–622. IEEE, 2015.

    Google Scholar 

  31. Weijie Liu, Debin Gao, and Michael K Reiter. On-demand time blurring to support side-channel defense. In European Symposium on Research in Computer Security, pages 210–228. Springer, 2017.

    Google Scholar 

  32. Stefan Mangard. Malware guard extension: Using sgx to conceal cache attacks. In Detection of Intrusions and Malware, and Vulnerability Assessment: 14th International Conference, DIMVA 2017, Bonn, Germany, July 6–7, 2017, Proceedings, volume 10327, page 3. Springer, 2017.

    Google Scholar 

  33. Preeti Mishra, Emmanuel S Pilli, Vijay Varadharajan, and Udaya Tupakula. Out-vm monitoring for malicious network packet detection in cloud. In Asia Security and Privacy (ISEASP), 2017 ISEA, pages 1–10. IEEE, 2017.

    Google Scholar 

  34. Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth. Cachezoom: How sgx amplifies the power of cache attacks. arXiv preprint arXiv:1703.06986, 2017.

    Google Scholar 

  35. Bodo Möller. Securing elliptic curve point multiplication against side-channel attacks. In International Conference on Information Security, pages 324–334. Springer, 2001.

    Google Scholar 

  36. Soo-Jin Moon, Vyas Sekar, and Michael K Reiter. Nomad: Mitigating arbitrary cloud side channels via provider-assisted migration. In Proceedings of the 22nd acm sigsac conference on computer and communications security, pages 1595–1606. ACM, 2015.

    Google Scholar 

  37. Amin Nezarat and Yaser Shams. A game theoretic-based distributed detection method for vm-to-hypervisor attacks in cloud environment. The Journal of Supercomputing, pages 1–21, 2017.

    Google Scholar 

  38. Keisuke Okamura and Yoshihiro Oyama. Load-based covert channels between xen virtual machines. In Proceedings of the 2010 ACM Symposium on Applied Computing, pages 173–180. ACM, 2010.

    Google Scholar 

  39. Yossef Oren, Vasileios P Kemerlis, Simha Sethumadhavan, and Angelos D Keromytis. The spy in the sandbox: Practical cache attacks in javascript and their implications. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 1406–1418. ACM, 2015.

    Google Scholar 

  40. Dag Arne Osvik, Adi Shamir, and Eran Tromer. Cache attacks and countermeasures: the case of aes. In Cryptographers Track at the RSA Conference, pages 1–20. Springer, 2006.

    Google Scholar 

  41. Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, and Stefan Mangard. Drama: Exploiting dram addressing for cross-cpu attacks. In USENIX Security Symposium, pages 565–581, 2016.

    Google Scholar 

  42. Xing Pu, Ling Liu, Yiduo Mei, Sankaran Sivathanu, Younggyun Koh, and Calton Pu. Understanding performance interference of i/o workload in virtualized cloud environments. In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on, pages 51–58. IEEE, 2010.

    Google Scholar 

  43. Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM conference on Computer and communications security, pages 199–212. ACM, 2009.

    Google Scholar 

  44. Michael Schwarz, Clémentine Maurice, Daniel Gruss, and Stefan Mangard. Fantastic timers and where to find them: high-resolution microarchitectural attacks in javascript. In International Conference on Financial Cryptography and Data Security, pages 247–267. Springer, 2017.

    Google Scholar 

  45. Gaurav Somani, Manoj Singh Gaur, Dheeraj Sanghi, Mauro Conti, and Rajkumar Buyya. Ddos attacks in cloud computing: issues, taxonomy, and future directions. Computer Communications, 2017.

    Google Scholar 

  46. Eran Tromer, Dag Arne Osvik, and Adi Shamir. Efficient cache attacks on aes, and countermeasures. Journal of Cryptology, 23(1):37–71, 2010.

    Google Scholar 

  47. Venkatanathan Varadarajan, Yinqian Zhang, Thomas Ristenpart, and Michael M Swift. A placement vulnerability study in multi-tenant public clouds. In USENIX Security Symposium, pages 913–928, 2015.

    Google Scholar 

  48. Omar Abdel Wahab, Jamal Bentahar, Hadi Otrok, and Azzam Mourad. Optimal load distribution for the detection of vm-based ddos attacks in the cloud. IEEE Transactions on Services Computing, 2017.

    Google Scholar 

  49. Sheng Wang, Weizhong Qiang, Hai Jin, and Jinfeng Yuan. Covertinspector: Identification of shared memory covert timing channel in multi-tenanted cloud. International Journal of Parallel Programming, 45(1):142–156, 2017.

    Article  Google Scholar 

  50. Zhe Wang, Chenggang Wu, Jianjun Li, Yuanming Lai, Xiangyu Zhang, Wei-Chung Hsu, and Yueqiang Cheng. Reranz: A light-weight virtual machine to mitigate memory disclosure attacks. In Proceedings of the 13th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, pages 143–156. ACM, 2017.

    Google Scholar 

  51. Zhenghong Wang and Ruby B Lee. Covert and side channels due to processor architecture. In Computer Security Applications Conference, 2006. ACSAC’06. 22nd Annual, pages 473–482. IEEE, 2006.

    Google Scholar 

  52. Zhenghong Wang and Ruby B Lee. New cache designs for thwarting software cache-based side channel attacks. In ACM SIGARCH Computer Architecture News, volume 35, pages 494–505. ACM, 2007.

    Google Scholar 

  53. Ziqi Wang, Rui Yang, Xiao Fu, Xiaojiang Du, and Bin Luo. A shared memory based cross-vm side channel attacks in iaas cloud. In Computer Communications Workshops (INFOCOM WKSHPS), 2016 IEEE Conference on, pages 181–186. IEEE, 2016.

    Google Scholar 

  54. Michael Weiß, Benedikt Heinz, and Frederic Stumpf. A cache timing attack on aes in virtualization environments. Financial Cryptography and Data Security, pages 314–328, 2012.

    Google Scholar 

  55. Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, and Radu Teodorescu. One bit flips, one cloud flops: Cross-vm row hammer attacks and privilege escalation. In USENIX Security Symposium, pages 19–35, 2016.

    Google Scholar 

  56. Zhang Xu, Haining Wang, and Zhenyu Wu. A measurement study on co-residence threat inside the cloud. In USENIX Security Symposium, pages 929–944, 2015.

    Google Scholar 

  57. Ziye Yang, Haifeng Fang, Yingjun Wu, Chungi Li, Bin Zhao, and H Howie Huang. Understanding the effects of hypervisor i/o scheduling for virtual machine performance interference. In Cloud Computing Technology and Science (CloudCom), 2012 IEEE 4th International Conference on, pages 34–41. IEEE, 2012.

    Google Scholar 

  58. Yuval Yarom and Naomi Benger. Recovering openssl ecdsa nonces using the flush+ reload cache side-channel attack. IACR Cryptology ePrint Archive, 2014:140, 2014.

    Google Scholar 

  59. Yuval Yarom and Katrina Falkner. Flush+ reload: A high resolution, low noise, l3 cache side-channel attack. In USENIX Security Symposium, pages 719–732, 2014.

    Google Scholar 

  60. Tianwei Zhang, Yinqian Zhang, and Ruby B Lee. Memory dos attacks in multi-tenant clouds: Severity and mitigation. arXiv preprint arXiv:1603.03404, 2016.

    Google Scholar 

  61. Tianwei Zhang, Yinqian Zhang, and Ruby B Lee. Dos attacks on your memory in cloud. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pages 253–265. ACM, 2017.

    Google Scholar 

  62. Xiaokuan Zhang, Yuan Xiao, and Yinqian Zhang. Return-oriented flush-reload side channels on arm and their implications for android devices. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 858–870. ACM, 2016.

    Google Scholar 

  63. Yinqian Zhang, Ari Juels, Michael K Reiter, and Thomas Ristenpart. Cross-vm side channels and their use to extract private keys. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 305–316. ACM, 2012.

    Google Scholar 

  64. Yinqian Zhang and Michael K Reiter. Düppel: Retrofitting commodity operating systems to mitigate cache side channels in the cloud. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pages 827–838. ACM, 2013.

    Google Scholar 

  65. Ziqiao Zhou, Michael K Reiter, and Yinqian Zhang. A software approach to defeating side channels in last-level caches. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 871–882. ACM, 2016.

    Google Scholar 

  66. Rui Zhuang, Scott A DeLoach, and Xinming Ou. Towards a theory of moving target defense. In Proceedings of the First ACM Workshop on Moving Target Defense, pages 31–40. ACM, 2014.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Central University of Rajasthan, Ajmer, India

    Gulshan Kumar Singh & Gaurav Somani

Authors
  1. Gulshan Kumar Singh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gaurav Somani
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Mathematics, University of Padua, Padua, Italy

    Mauro Conti

  2. Department of Computer Science and Engineering, Central University of Rajasthan, Ajmer, India

    Gaurav Somani

  3. Department of Electrical Engineering, University of Washington, Seattle, WA, USA

    Radha Poovendran

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Singh, G.K., Somani, G. (2018). Cross-VM Attacks: Attack Taxonomy, Defense Mechanisms, and New Directions. In: Conti, M., Somani, G., Poovendran, R. (eds) Versatile Cybersecurity. Advances in Information Security, vol 72. Springer, Cham. https://doi.org/10.1007/978-3-319-97643-3_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-97643-3_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-97642-6

  • Online ISBN: 978-3-319-97643-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation