Investigating timing channel in IaaS

Rui Yang, Xiaojiang Du, Xiao Fu, Bin Luo

Research output: Contribution to journal › Conference article › peer-review

Abstract

In IaaS (such as Amazon EC2 and Microsoft Azure), several VM (virtual machine) instances usually run on one physical machine to improve resource utilization. However, this also creates more attack opportunities. A typical example is the cross-VM timing channel. Recent studies show that this kind of covert channel can successfully steal private information (e.g. a private key) from co-resident VM instances. It poses great challenges to the security of the cloud and has attracted more and more attention in recent years. But to our knowledge, there is still little work on detecting and investigating such covert channels. Therefore, we propose a behavior-based method to automatically detect and investigate the timing channel. First, in order to record the behavior of this covert channel, a page-level memory monitoring method is designed. Second, an automatic identification algorithm is proposed based on some memory activity signatures. Finally, in order to confirm the result, a memory dump is obtained and the binary code of the suspicious process is analyzed. We have implemented a prototype on Xen, and the experimental results show that all of these kinds of attacks can be detected even under the disturbance from normal processes.

Original language: English
Journal: International Conference on Mobile Multimedia Communications (MobiMedia)
State: Published - 2016
Event: 9th EAI International Conference on Mobile Multimedia Communications, MOBIMEDIA 2016 - Xi'an, China
Duration: 18 Jun 2016 to 20 Jun 2016

Keywords

  • Cloud forensics
  • Cloud security
  • Infrastructure as a service
  • Timing channel
