Preventing and detecting cache side-channel attacks in cloud computing

2017 ◽  
Author(s):  
Younis A. Younis ◽  
Kashif Kifayat ◽  
Abir Hussain
Keyword(s):  
Cloud Computing ◽  
Side Channel ◽  
Side Channel Attacks

Adaptive multilevel fuzzy-based authentication framework to mitigate Cache side channel attack in cloud computing

2018 ◽  
Vol 09 (05) ◽  
pp. 1850045 ◽  
Author(s):  
Bharati Ainapure ◽  
Deven Shah ◽  
A. Ananda Rao
Keyword(s):  
Cloud Computing ◽  
Private Information ◽  
Privacy Preservation ◽  
Virtual Machines ◽  
Fuzzy Rule ◽  
Data Access ◽  
Side Channel ◽  
Side Channel Attack ◽  
Side Channel Attacks ◽  
Cloud Providers

Cloud computing supports multitenancy to satisfy the users’ demands for accessing resources and simultaneously it increases revenue for cloud providers. Cloud providers adapt multitenancy by virtualizing the resources, like CPU, network interfaces, peripherals, hard drives and memory using hypervisor to fulfill the demand. In a virtualized environment, many virtual machines (VMs) can run on the same core with the help of the hypervisor by sharing the resources. The VMs running on the same core are the target for the malicious or abnormal attacks like side channel attacks. Among various side channel attacks in cloud computing, cache-based side channel attack is one that leaks private information of the users based on the shared resources. Here, as the shared resource is the cache, a process can utilize the cache usage of another by cache contention. Cache sharing provides a way for the attackers to gain considerable information so that the key used for encryption can be inferred. Discovering this side channel attack is a challenging task. This requires identification of a feature that influences the attack. Even though there are various techniques available in the literature to mitigate such attacks, an effective solution to reduce the cache-based side channel attack is still an issue. Therefore, a novel fuzzy rule-based mechanism is integrated to detect the cache side channel attackers by monitoring the cache data access (CDA). The factor that determines the attack is CDA in a log file created by the framework during authorization. The proposed framework also utilizes certain security properties including ECC and hashing for the privacy preservation and the decision is made with the aid of a fuzzy logic system.

Side Channel Attacks in Cloud Computing

2019 ◽  
pp. 77-98 ◽  
Author(s):  
Ramanujam Elangovan ◽  
Prianga M.
Keyword(s):  
Cloud Computing ◽  
Statistical Methods ◽  
Personal Computer ◽  
Service Provider ◽  
The Internet ◽  
Side Channel ◽  
Law And Order ◽  
Side Channel Attack ◽  
Side Channel Attacks ◽  
Privacy Concerns

Cloud computing is used for storing and managing information using the remote servers, which is hosted on the internet instead of storing it in a normal server or personal computer. The main purpose of why most of the companies use the cloud for storing and managing data is to not have to pay money for storing data. The main aim is to allow users to benefit from all technologies. Virtualization is considered to be the main technology of cloud computing. Several privacy concerns are caused by the cloud because the service provider can access the data at any time. Cloud providers can also share the information for the purpose of law and order. The information gathered from the physical implementation is called a side channel attack. Some technical knowledge is required for side channel attacks and these attacks are based on statistical methods. It works by monitoring the security critical operations. The side channel attack is based on the information which is leaking and the information which is kept secret.

scholarly journals A Security-Awareness Virtual Machine Management Scheme Based on Chinese Wall Policy in Cloud Computing

2014 ◽  
Vol 2014 ◽  
pp. 1-12 ◽  
Author(s):  
Si Yu ◽  
Xiaolin Gui ◽  
Jiancai Lin ◽  
Feng Tian ◽  
Jianqiang Zhao ◽  
...  
Keyword(s):  
Cloud Computing ◽  
Virtual Machine ◽  
Utilization Rate ◽  
Side Channel ◽  
Security Awareness ◽  
Side Channel Attacks ◽  
Privacy Leakage ◽  
Management Scheme ◽  
Series Of Experiments ◽  
And Migration

Cloud computing gets increasing attention for its capacity to leverage developers from infrastructure management tasks. However, recent works reveal that side channel attacks can lead to privacy leakage in the cloud. Enhancing isolation between users is an effective solution to eliminate the attack. In this paper, to eliminate side channel attacks, we investigate the isolation enhancement scheme from the aspect ofvirtual machine(VM) management. The security-awareness VMs management scheme (SVMS), a VMs isolation enhancement scheme to defend against side channel attacks, is proposed. First, we use theaggressive conflict of interest relation(ACIR) andaggressive in ally with relation(AIAR) to describe user constraint relations. Second, based on the Chinese wall policy, we put forward four isolation rules. Third, the VMs placement and migration algorithms are designed to enforce VMs isolation between the conflict users. Finally, based on the normal distribution, we conduct a series of experiments to evaluate SVMS. The experimental results show that SVMS is efficient in guaranteeing isolation between VMs owned by conflict users, while the resource utilization rate decreases but not by much.

Sign in / Sign up

Export Citation Format

Share Document