Abstract

We introduce a method for protection against a side-channel attack made possible by the use of a cloud-computing feature called memory deduplication. Memory deduplication improves the efficiency with which physical memory is used by the virtual machines (VMs) running on the same server by keeping in memory only one copy of the libraries and other software used by multiple VMs. However, this allows an attacker’s VM to find out the memory locations (and thus the operations) used by a victim’s VM, as these locations are cached and can be accessed faster than memory locations not used by the victim. To perform the attack, the malicious VM needs to execute an abnormal sequence of cache flushes, and our new method detects this by monitoring memory locations associated with sensitive (e.g., encryption) operations and using logistic regression to identify the abnormal cached operations. Furthermore, by using its own cache flushing, our method disrupts the side channel, making it more difficult for the attacker to acquire useful information. The experiments we ran using the KVM hypervisor and Ubuntu 18.04 LTS VMs on both Debian 10 and CentOS physical servers show that our method can detect attacks with 99% accuracy, and can feed fake information to an attacker with a CPU overhead of 2–8%.
