Co-residency Detection Scheme based on Shared Cache in the Cloud
Abstract
Cloud computing is an emerging computing and service paradigm in which computing and storage capabilities are outsourced on demand, offering advanced capabilities for sharing and multi-tenancy. However, it also introduces a range of new vulnerabilities, such as side-channel attacks. Malicious users can covertly extract sensitive information from other users via side-channel attacks, which break the isolation between co-resident virtual machines (VMs). Existing work does not sufficiently consider the interference introduced by other co-resident VMs, although such interference is realistic in a multi-tenant cloud. Building on existing results, we propose a co-residency detection scheme based on cache-based side-channel attacks in the virtual computing environment that takes the interference of the VMs into account. In the scheme, we investigate the use of expectation and entropy to describe the cache load characteristics relating to the location of the victim VM. A clustering-based algorithm is then used to extract the cache load characteristics, and VM co-residency detection rules are proposed to complete the detection. The experimental results show that the scheme obtains the load profile efficiently and accurately and achieves co-residency detection with a high true detection rate. This further demonstrates that side-channel attacks are a significant security challenge for cloud computing.