TY - JOUR
T1 - Detecting cache-based side channel attacks in the cloud
T2 - An approach with cascade detection mode
AU - Yu, Si
AU - Gui, Xiaolin
AU - Zhang, Xuejun
AU - Lin, Jiancai
AU - Dai, Min
PY - 2014
Y1 - 2014
N2 - Information leakage introduced by side channel attacks (SCA) has become a serious threat to the cloud. Using SCA, malicious users can steal private information from other virtual machines by analyzing third party distinct resource-contention responses. To the best of our knowledge, the investigation in detecting SCA in the cloud is very limited. In this paper, we introduce a novel approach for detecting cache-based side channel attacks, named SideDetector, based on the observation that the creation of a side channel has certain effects on the resource utilization in both the host machines and virtual machines. First, exploring this observation, we analyze the attack features from both the hosts and guests and propose four detection metrics. Second, we investigate the use of cascade detection mode, which consists of the stage of host detection and guest detection. Third, shape tests and regularity tests are used to calculate the detection metrics, and pattern recognition techniques are used to indicate the attacks. Finally, we conduct a series of experiments to evaluate the SideDetector. The experimental results show that SideDetector is capable of detecting the cache-based side channel attacks in the cloud effectively.
AB - Information leakage introduced by side channel attacks (SCA) has become a serious threat to the cloud. Using SCA, malicious users can steal private information from other virtual machines by analyzing third party distinct resource-contention responses. To the best of our knowledge, the investigation in detecting SCA in the cloud is very limited. In this paper, we introduce a novel approach for detecting cache-based side channel attacks, named SideDetector, based on the observation that the creation of a side channel has certain effects on the resource utilization in both the host machines and virtual machines. First, exploring this observation, we analyze the attack features from both the hosts and guests and propose four detection metrics. Second, we investigate the use of cascade detection mode, which consists of the stage of host detection and guest detection. Third, shape tests and regularity tests are used to calculate the detection metrics, and pattern recognition techniques are used to indicate the attacks. Finally, we conduct a series of experiments to evaluate the SideDetector. The experimental results show that SideDetector is capable of detecting the cache-based side channel attacks in the cloud effectively.
KW - Attack detection
KW - Cloud computing
KW - Information security
KW - Side channel attacks
KW - Virtualization
UR - https://www.scopus.com/pages/publications/84916926749
U2 - 10.6138/JIT.2014.15.6.03
DO - 10.6138/JIT.2014.15.6.03
M3 - 文章
AN - SCOPUS:84916926749
SN - 1607-9264
VL - 15
SP - 903
EP - 915
JO - Journal of Internet Technology
JF - Journal of Internet Technology
IS - 6
ER -