Integrated Protection Mechanisms for Mitigating Microarchitectural Attacks in Cloud Computing

Abstract

By utilising the multi-tenancy characteristic, cloud computing promises to reduce expenses through less spending on hardware, infrastructure, and software. Even with all of its advantages, multi-tenancy poses hazards for cloud computing. Without suitable cloud security solutions, security concerns might end up being the main factor delaying adoption. Additionally, multi-tenancy enabled by virtualisation, which is one of the key elements of a cloud, creates significant security vulnerabilities and does not provide adequate isolation between various instances running on the same physical system. The three strategies we suggest to secure shared virtualised systems against microarchitectural attacks are presented in this re- search as a comprehensive solution. This includes experiments for combining the three approaches and assessing them in potential operational contexts. The assessment techniques have used several host systems to assess the system overhead, CPU usage, and protection accuracy. The studies we have conducted on both Debian 10 and Ubuntu 18.04 LTS physical servers utilising the KVM hypervisor demonstrate that our comprehensive protection can identify attacks with about 97% accuracy, and depending on how many mechanisms were used in the various experimental scenario settings, the proportion of CPU consumption has varied significantly. The CPU usage rate in experiments with different scenarios has ranged from 27% to 68%, while the average system load over 5 minutes has ranged from 1.40 to 4.2. This shows our proposed mechanisms are subject to refinement and enhancement, especially in cases that require a high processing load. Note that if we had used servers with more computing power, the results would certainly have been better.