On the Prevention of Cache-Based Side-Channel Attacks in a Cloud Environment

• Main Author: Godfrey, Michael
• Other Authors: Queen's University (Kingston, Ont.). Theses (Queen's University (Kingston, Ont.))
• Language: en; en
• Published: 2013
• Subjects: CPU Cache; Server Side Defense; Cloud Computing; Security; Side Channel
• Online Access: http://hdl.handle.net/1974/8320

As Cloud services become more commonplace, recent works have uncovered vulnerabilities unique to such systems. Specifi cally, the paradigm promotes a risk of information leakage across virtual machine isolation via side-channels. Unlike conventional computing, the infrastructure supporting a Cloud environment allows mutually dis- trusting clients simultaneous access to the underlying hardware, a seldom met requirement for a side-channel attack. This thesis investigates the current state of side-channel vulnerabilities involving the CPU cache, and identifi es the shortcomings of traditional defenses in a Cloud environment. It explores why solutions to non-Cloud cache-based side-channels cease to work in Cloud environments, and describes new mitigation techniques applicable for Cloud security. Speci cally, it separates canonical cache-based side-channel attacks into two categories, Sequential and Parallel attacks, based on their implementation and devises a unique mitigation technique for each. Applying these solutions to a canonical Cloud environment, this thesis demonstrates the validity of these Cloud-specifi c, cache-based side-channel mitigation techniques. Furthermore, it shows that they can be implemented, together, as a server-side approach to improve security without inconveniencing the client. Finally, it conducts a comparison of our solutions to the current state-of-the-art. === Thesis (Master, Computing) -- Queen's University, 2013-09-25 18:03:47.737