
    Co-residency Detection Scheme based on Shared Cache in the Cloud

    • Abstract: Cloud computing is an emerging computing and service paradigm in which computing and storage capabilities are outsourced on demand, and it offers resource sharing and multi-tenancy. However, it also introduces new security threats, such as side-channel attacks. Through a side-channel attack, a malicious user can break the isolation between co-resident virtual machines (VMs) and covertly extract sensitive information from other users. Existing work does not sufficiently analyze the interference introduced by other co-resident VMs, although such interference is unavoidable in a multi-tenant cloud. To address this, we propose a VM co-residency detection scheme based on cache side-channel attacks in the virtual computing environment that takes this interference into account. The scheme uses expectation and entropy to describe the cache load characteristics relating to the location of the victim VM, extracts those characteristics with a clustering-based algorithm, and applies co-residency detection rules to complete detection. The experimental results show that the scheme obtains the load profile efficiently and accurately and achieves co-residency detection with a high true detection rate. They further demonstrate that side-channel attacks are a significant security challenge for cloud computing.

       
