TY - JOUR
T1 - Timing Channel in IaaS
T2 - How to Identify and Investigate
AU - Fu, Xiao
AU - Yang, Rui
AU - Du, Xiaojiang
AU - Luo, Bin
AU - Guizani, Mohsen
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2019
Y1 - 2019
N2 - Recently, the Infrastructure as a Service Cloud (IaaS) (e.g., Amazon EC2) has been widely used by many organizations. However, some IaaS security issues create serious threats to its users. A typical issue is the timing channel. This kind of channel can be a cross-VM information channel, as proven by many researchers. Owing to the fact that it is covert and traceless, the traditional identification methods cannot build an accurate analysis model and obtain a compromised result. We investigated the underlying behavior of the timing channel from the perspective of the memory activity records and summarized the signature of the timing channel in the underlying memory activities. An identification method based on the long-term behavior signatures was proposed. We proposed a complete set of forensics steps including evidence extraction, identification, record reserve, and evidence reports. We studied four typical timing channels, and the experiments showed that these channels can be detected and investigated, even with the disturbances from normal processes.
AB - Recently, the Infrastructure as a Service Cloud (IaaS) (e.g., Amazon EC2) has been widely used by many organizations. However, some IaaS security issues create serious threats to its users. A typical issue is the timing channel. This kind of channel can be a cross-VM information channel, as proven by many researchers. Owing to the fact that it is covert and traceless, the traditional identification methods cannot build an accurate analysis model and obtain a compromised result. We investigated the underlying behavior of the timing channel from the perspective of the memory activity records and summarized the signature of the timing channel in the underlying memory activities. An identification method based on the long-term behavior signatures was proposed. We proposed a complete set of forensics steps including evidence extraction, identification, record reserve, and evidence reports. We studied four typical timing channels, and the experiments showed that these channels can be detected and investigated, even with the disturbances from normal processes.
KW - Digital investigation
KW - IaaS security
KW - timing channel
UR - http://www.scopus.com/inward/record.url?scp=85055044533&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85055044533&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2018.2876146
DO - 10.1109/ACCESS.2018.2876146
M3 - Article
AN - SCOPUS:85055044533
VL - 7
SP - 1
EP - 11
JO - IEEE Access
JF - IEEE Access
M1 - 8492406
ER -