Side Channels in the Cloud: Isolation Challenges, Attacks, and Countermeasures

Abstract: Cloud computing is based on the sharing of physical resources among several virtual machines through a virtualization layer providing software isolation. Despite advances in virtualization, data security and isolation guarantees remain important challenges for cloud providers. Some of the most prominent isolation violations come from side-channel attacks that aim at exploiting and using a leaky channel to obtain sensitive data such as encryption keys. Such channels may be created by vulnerable implementations of cryptographic algorithms, exploiting weaknesses of processor architectures or of resource sharing in the virtualization layer. In this paper, we provide a comprehensive survey of side-channel attacks (SCA) and mitigation techniques for virtualized environments, focusing on cache-based attacks. We review isolation challenges, attack classes and techniques. We also provide a layer-based taxonomy of applicable countermeasures, from the hardware to the application level, with an assessment of their effectiveness.
Document type:
Preprint, Working paper

Cited literature [98 references]
Contributor: Mohammad Mahdi Bazm
Submitted on: Friday, 22 September 2017 - 09:24:04
Last modified on: Tuesday, 4 December 2018 - 11:08:10
Document(s) archived on: Saturday, 23 December 2017 - 12:50:57


Files produced by the author(s)


  • HAL Id: hal-01591808, version 1


Mohammad-Mahdi Bazm, Marc Lacoste, Mario Südholt, Jean-Marc Menaud. Side Channels in the Cloud: Isolation Challenges, Attacks, and Countermeasures. 2017. 〈hal-01591808〉


