Theses

Unified isolation architectures and mechanisms against side channel attacks for decentralized cloud infrastructures

Mohammad-Mahdi Bazm 1, 2
2 STACK - Software Stack for Massively Geo-Distributed Infrastructures
Inria Rennes – Bretagne Atlantique, LS2N - Laboratoire des Sciences du Numérique de Nantes
Abstract : In this thesis, we first provide a survey on the isolation challenge and on cache-based side-channel attacks in cloud computing infrastructures. We then present different approaches to detect or mitigate cross-VM and cross-container cache-based side-channel attacks. For detection, we leverage Hardware Performance Counters (HPCs) and Intel Cache Monitoring Technology (CMT) with anomaly detection approaches to identify a malicious virtual machine or Linux container. Our experimental results show a high detection rate. We then leverage an approach based on Moving Target Defense (MTD) theory to interrupt a cache-based side-channel attack between two Linux containers. MTD allows us to make the configuration of the system more dynamic, and consequently harder for an adversary to attack, by using shuffling at different levels of the system and cloud. Our approach does not require modifications to either the guest OS or the hypervisor. Experimental results show that our approach imposes very low performance overhead.

Cited literature [154 references]

https://hal.inria.fr/tel-02417362
Contributor : Mario Südholt
Submitted on : Wednesday, December 18, 2019 - 10:42:35 AM
Last modification on : Wednesday, June 24, 2020 - 4:19:52 PM
Long-term archiving on : Thursday, March 19, 2020 - 4:42:26 PM

File

phd-final-MohammadMahdiBAZM-19...
Files produced by the author(s)

Identifiers

  • HAL Id : tel-02417362, version 1

Citation

Mohammad-Mahdi Bazm. Unified isolation architectures and mechanisms against side channel attacks for decentralized cloud infrastructures. Software Engineering [cs.SE]. Université de Nantes (UNAM), 2019. English. ⟨tel-02417362⟩
