Side Channels in the Cloud: Isolation Challenges, Attacks, and Countermeasures

Abstract : Cloud computing is based on the sharing of physical resources among several virtual machines through a virtualization layer providing software isolation. Despite advances in virtualization, data security and isolation guarantees remain important challenges for cloud providers. Some of the most prominent isolation violations come from side-channel attacks that aim at exploiting and using a leaky channel to obtain sensitive data such as encryption keys. Such channels may be created by vulnerable implementations of cryptographic algorithms, exploiting weaknesses of processor architectures or of resource sharing in the virtualization layer. In this paper, we provide a comprehensive survey of side-channel attacks (SCA) and mitigation techniques for virtualized environments, focusing on cache-based attacks. We review isolation challenges, attack classes and techniques. We also provide a layer-based taxonomy of applicable countermeasures, from the hardware to the application level, with an assessment of their effectiveness.
Document type :
Preprints, Working Papers, ...
Cited literature [98 references]

https://hal.inria.fr/hal-01591808
Contributor : Mohammad Mahdi Bazm
Submitted on : Friday, September 22, 2017 - 9:24:04 AM
Last modification on : Tuesday, March 26, 2019 - 9:25:22 AM
Document(s) archived on : Saturday, December 23, 2017 - 12:50:57 PM

File

sca_survey.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01591808, version 1

Citation

Mohammad-Mahdi Bazm, Marc Lacoste, Mario Südholt, Jean-Marc Menaud. Side Channels in the Cloud: Isolation Challenges, Attacks, and Countermeasures. 2017. ⟨hal-01591808⟩

Metrics

Record views

2565

Files downloads

1520