Abstract
In cloud computing, multiple virtual machine instances can run on a single physical host, sharing hardware and software resources. One of the resources shared among multiple Virtual Machines (VMs) in the cloud is the cache. Such virtual machines are targets for abnormal activity such as side channel attacks. The cache-based side channel attack is one of the side channel attacks in the cloud environment, and it leaks the client's private information. The proposed approach covers the detection and mitigation of cache-based side channel attacks in cloud infrastructure. It comprises three components: collection of virtual machine status, a fuzzy controller to detect the attack, and mitigation. The fuzzy rule-based controller is incorporated in this approach to identify the cache attack in the log file. The system works dynamically to prevent cache attacks in the cloud environment and will incur very small performance overhead.
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Ainapure, B.S., Shah, D., Rao, A.A. (2018). A Novel Approach to Detect and Mitigate Cache Side Channel Attack in Cloud Environment. In: Bhattacharyya, P., Sastry, H., Marriboyina, V., Sharma, R. (eds) Smart and Innovative Trends in Next Generation Computing Technologies. NGCT 2017. Communications in Computer and Information Science, vol 828. Springer, Singapore. https://doi.org/10.1007/978-981-10-8660-1_27
DOI: https://doi.org/10.1007/978-981-10-8660-1_27
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-8659-5
Online ISBN: 978-981-10-8660-1
eBook Packages: Computer Science, Computer Science (R0)