Side Channels in the Cloud: Isolation Challenges, Attacks, and Countermeasures

Abstract: Cloud computing is based on the sharing of physical resources among several virtual machines through a virtualization layer providing software isolation. Despite advances in virtualization, data security and isolation guarantees remain important challenges for cloud providers. Some of the most prominent isolation violations come from side-channel attacks that aim at exploiting and using a leaky channel to obtain sensitive data such as encryption keys. Such channels may be created by vulnerable implementations of cryptographic algorithms, exploiting weaknesses of processor architectures or of resource sharing in the virtualization layer. In this paper, we provide a comprehensive survey of side-channel attacks (SCA) and mitigation techniques for virtualized environments, focusing on cache-based attacks. We review isolation challenges, attack classes and techniques. We also provide a layer-based taxonomy of applicable countermeasures, from the hardware to the application level, with an assessment of their effectiveness.
Document type:
Preprint, Working paper
2017
Cited literature [105 references]

https://hal.inria.fr/hal-01591808
Contributor: Mohammad Mahdi Bazm
Submitted on: Friday, 22 September 2017 - 09:24:04
Last modified on: Tuesday, 16 January 2018 - 14:40:52
Document(s) archived on: Saturday, 23 December 2017 - 12:50:57

File

sca_survey.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: hal-01591808, version 1

Citation

Mohammad-Mahdi Bazm, Marc Lacoste, Mario Südholt, Jean-Marc Menaud. Side Channels in the Cloud: Isolation Challenges, Attacks, and Countermeasures. 2017. 〈hal-01591808〉

Metrics

Record views

764

File downloads

166