Abstract

Current countermeasures against last-level cache (LLC) based non-memory-sharing side-channel attacks (LNSA), a powerful and practical class of cache attack in the cloud, fail in practice because they lack generality or efficiency. Motivated by random cache access, we propose a novel defense method called dynamic remapping, which dynamically changes the mapping from virtual memory to cache at the hypervisor layer. It aims to confuse the attacker about the relationship between observed cache activity and the values of the targeted secret. To guarantee scalability and deployability, we formalize the remapping problem and design a sequential classified selection algorithm to decide how to remap all of the protected memory. Furthermore, we implement MemWander, a prototype system integrated into Xen and OpenStack, which are popular cloud settings. Its security improvement and performance overhead are evaluated on various applications and on an Apache server acting as a simulated cloud service. The experimental results show that MemWander not only provides sufficient security guarantees for general cloud services, but also incurs a low performance overhead of no more than 7%, which is tolerable in most scenarios.
