Shuffler: Mitigate cross-VM side-channel attacks via hypervisor scheduling

6Citations
Citations of this article
7Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Cloud computing relies on resources sharing to achieve high resource utilization and economy of scale. Meanwhile, contention on shared resources opens doors for co-located virtual machines (VMs) to have negative impacts on each other, and even introduces vulnerabilities such as information leakage. For example, via CPU cache-based side-channel attacks, an attacker VM can extract crypto keys from a victim VM. To cost-effectively secure the cloud against those threats without sacrificing resource sharing, in this paper, we first investigate the factors that can impact the success of such attacks. Our investigation reveals that the root cause of such attacks is the constant sharing patterns of hardware resources between VMs. Based on our findings, we quantify the negative impacts a VM can have on another VM on the same machine using the vulnerable probability, and propose lightweight and generic scheduler-based defense mechanisms called Shuffler schedulers, which can effectively limit the vulnerable probability of all VMs. The key is that distributing CPU time to vCPUs with equal probability would reduce the overall vulnerable probability of the system. Our analyses and experimental results show that the Shuffler schedulers can effectively reduce information leakage to mitigate cross-VM side-channel attacks, with little performance penalty while preserving high resource utilization.

Cite

CITATION STYLE

APA

Liu, L., Wang, A., Zang, W. Y., Yu, M., Xiao, M., & Chen, S. (2018). Shuffler: Mitigate cross-VM side-channel attacks via hypervisor scheduling. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (Vol. 254, pp. 491–511). Springer Verlag. https://doi.org/10.1007/978-3-030-01701-9_27

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free