Side-Channels Beyond the Cloud Edge : New Isolation Threats and Solutions

Abstract : Fog and edge computing leverage resources of end users and edge devices rather than centralized clouds. Isolation is a core security challenge for such paradigms: just like traditional clouds, fog and edge infrastructures are based on virtualization to share physical resources among several self-contained execution environments like virtual machines and containers. Yet, isolation may be threatened due to side-channels, created by the virtualization layer or due to the sharing of physical resources like the processor. Side-channel attacks (SCAs) exploit and use such leaky channels to obtain sensitive data. This paper aims to clarify the nature of this threat for fog and edge infrastructures. Current SCAs are local and exploit isolation challenges of virtualized environments to retrieve sensitive information. We introduce a new concept of distributed side-channel attack (DSCA) that is based on coordinating local attack techniques. We explore how such attacks can threaten isolation of any virtualized environments such as fog and edge computing. Finally, we study a set of different applicable countermeasures for attack mitigation.
Type de document :
Communication dans un congrès
CSNet 2017 : 1st Cyber Security in Networking Conference, Oct 2017, Rio de Janeiro, Brazil. IEEE, pp.1-8, 1st Cyber Security in Networking Conference (CSNet'17). 〈10.1109/CSNET.2017.8241986〉
Liste complète des métadonnées

Littérature citée [35 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01593144
Contributeur : Mohammad Mahdi Bazm <>
Soumis le : vendredi 14 septembre 2018 - 11:34:01
Dernière modification le : lundi 17 septembre 2018 - 09:10:36

Fichier

csnet2017_draft.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Citation

Mohammad-Mahdi Bazm, Marc Lacoste, Mario Südholt, Jean-Marc Menaud. Side-Channels Beyond the Cloud Edge : New Isolation Threats and Solutions. CSNet 2017 : 1st Cyber Security in Networking Conference, Oct 2017, Rio de Janeiro, Brazil. IEEE, pp.1-8, 1st Cyber Security in Networking Conference (CSNet'17). 〈10.1109/CSNET.2017.8241986〉. 〈hal-01593144v2〉

Partager

Métriques

Consultations de la notice

71

Téléchargements de fichiers

11