A shared memory based cross-VM side channel attacks in IaaS cloud

Ziqi Wang, Rui Yang, Xiao Fu, Xiaojiang Du, Bin Luo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

22 Scopus citations

Abstract

Cloud providers usually use virtualization to maximize the utilization of their computing resources, e.g. many virtual machines (VMs) run on a shared physical infrastructure. However, co-residency with other VMs will cause high security risks, such as side channel attacks. This kind of attack is difficult to detect and prevent, so it's necessary to study it deeply. Recent research has shown attackers can build up cross-VM side channels to obtain sensitive information. However, due to the features of shared resources (e.g. CPU cache), the sensitive information obtained is usually limited and coarse-grained. In this paper, we present a novel side channel, which is based on shared physical memory and exploits the vulnerabilities of the balloon driver. The balloon driver is a very popular mechanism used by current virtual machine managers (VMMs) to balance physical memory among several VMs. Because it is widely used in IaaS cloud, our side channel attack can achieve a high success rate. And compared with current cross-VM side channels, it can transmit more fine-grained data. Using Xen as a case study, we explore how to transmit data by this side channel.

Original language: English
Title of host publication: 2016 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2016
Pages: 181-186
Number of pages: 6
ISBN (Electronic): 9781467399555
State: Published - 6 Sep 2016
Event: 35th IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2016 - San Francisco, United States
Duration: 10 Apr 2016 - 14 Apr 2016

Publication series

Name: Proceedings - IEEE INFOCOM
Volume: 2016-September
ISSN (Print): 0743-166X

Conference

Conference: 35th IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2016
Country/Territory: United States
City: San Francisco
Period: 10/04/16 - 14/04/16

Keywords

  • Infrastructure-as-a-Service (IaaS)
  • cloud computing
  • cloud security
  • side channel attack
