Preventing and detecting cache side-channel attacks in cloud computing

Abstract

Cloud computing offers new cost effective services on-demand such as Software as a service (SaaS), Infrastructure as a service (IaaS) and Platform as a service (PaaS). However, with all of these services promising facilities and benefits, there are still a number of challenges associated with utilizing cloud computing such as data security, cyber-attacks, and multi-tenancy. Multi-tenancy in cloud computing has unique vulnerabilities, one particular issue involves virtual machines physical co-residency, which has been exploited to leak sensitive information and extract sensitive data using hardware side-channels. Side-channel attacks are classified according to the hardware medium they target and exploit, for instance, cache side-channel attacks, which are one of the most common hardware devices targeted by adversaries due to their high-rate interactions and sharing between processes. There are a number of proposed solutions to detect and prevent cache side-channel attacks, which failed due to the deceived normal behavior by cache side-channel in one hand. In the other hand, these solutions mainly rely on attached software or applications to detect any abnormal behavior on the CPU cache. These applications and software will slow down the CPU operations and introduce unwanted overload, which will affect the CPU performance. This paper presents a detailed study and analysis to cache side-channel attacks in cloud computing. It surveys and reports the important directions utilized to detect and prevent them. It also identifies important gaps, which are not fulfilled by the proposed solutions.