Isolation in Cloud Computing Infrastructures: New Security Challenges

Abstract : Cloud computing infrastructures are highly based on the sharing of hardware resources among different clients. The infrastructures leverage virtualization to share physical resources among several self-contained execution environments like virtual machines and Linux containers. Isolation is a core security challenge for such paradigm. It may be threatened through side-channels, created due to the sharing of physical resources like caches of the processor or by mechanisms implemented in the virtualization layer. Side-channel attacks (SCAs) exploit and use such leaky channels to obtain sensitive data like kernel information. This paper aims to clarify the nature of this threat for cloud infrastructures. Current SCAs are done locally and exploit isolation challenges of virtualized environments to retrieve sensitive information. In this paper, we also clarify the concept of distributed side-channel attack (DSCA). We explore how such attacks can threaten isolation of any virtualized environments such as cloud computing infrastructures. Finally, we study a set of different applicable countermeasures for attack mitigation in cloud infrastructures.
Complete list of metadatas

https://hal.inria.fr/hal-01874206
Contributor : Mohammad Mahdi Bazm <>
Submitted on : Friday, September 14, 2018 - 10:28:30 AM
Last modification on : Thursday, April 18, 2019 - 5:06:10 PM

Identifiers

  • HAL Id : hal-01874206, version 1

Citation

Mohammad-Mahdi Bazm, Marc Lacoste, Mario Südholt, Jean-Marc Menaud. Isolation in Cloud Computing Infrastructures: New Security Challenges. Annals of Telecommunications - annales des télécommunications, Springer, In press. ⟨hal-01874206⟩

Share

Metrics

Record views

400