Abstract
We introduce a method for protection against a side-channel attack made possible by the use of a cloud-computing feature called memory deduplication. Memory deduplication improves the efficiency with which physical memory is used by the virtual machines (VMs) running on the same server by keeping in memory only one copy of the libraries and other software used by multiple VMs. However, this allows an attacker’s VM to find out the memory locations (and thus the operations) used by a victim’s VM, as these locations are cached and can be accessed faster than memory locations not used by the victim. To perform the attack, the malicious VM needs to execute an abnormal sequence of cache flushes, and our new method detects this by monitoring memory locations associated with sensitive (e.g., encryption) operations and using logistic regression to identify the abnormal cached operations. Furthermore, by using its own cache flushing, our method disrupts the side channel, making it more difficult for the attacker to acquire useful information. The experiments we ran using the KVM hypervisor and Ubuntu 18.04 LTS VMs on both Debian 10 and CentOS physical servers show that our method can detect attacks with 99% accuracy, and can feed fake information to an attacker with between 2–8% CPU overheads.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Takabi, H., Joshi, J.B., Ahn, G.-J.: Security and privacy challenges in cloud computing environments. IEEE Secur. Privacy 8(6), 24–31 (2010)
Garrison, G., Kim, S., Wakefield, R.L.: Success factors for deploying cloud computing. Commun. ACM 55(9), 62–68 (2012)
Hussain, S.A., Fatima, M., Saeed, A., Raza, I., Shahzad, R.K.: Multilevel classification of security concerns in cloud computing. Appl. Comput. Inform. 13(1), 57–65 (2017)
Kuyoro, S., Ibikunle, F., Awodele, O.: Cloud computing security issues and challenges. Int. J. Comput. Networks (IJCN) 3(5), 247–255 (2011)
Saxena, S., Sanyal, G., Srivastava, S., Amin, R.: Preventing from cross-vm side-channel attack using new replacement method. Wireless Pers. Commun. 97(3), 4827–4854 (2017)
Anwar, S., et al.: Cross-VM cache-based side channel attacks and proposed prevention mechanisms: a survey. J. Network Comput. Appl. 93, 259–279 (2017)
Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Wait a minute! a fast, cross-vm attack on AES. In: International Workshop on Recent Advances in Intrusion Detection, pp. 299–319 (2014)
Yarom, Y., Falkner, K.: Flush+ reload: a high resolution, low noise, l3 cache side-channel attack. In: 23rd \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 14), pp. 719–732 (2014)
Hornby, T.: Side-channel attacks on everyday applications: distinguishing inputs with flush+reload. BlackHat USA (2016)
Philippe-Jankovic, D., Zia, T.A.: Breaking VM isolation-an in-depth look into the cross VM flush reload cache timing attack. Int. J. Comput. Sci. Network Secur. (IJCSNS) 17(2), 181 (2017)
Bazm, M.-M., Sautereau, T., Lacoste, M., Sudholt, M., Menaud, J.-M.: Cache-based side-channel attacks detection through intel cache monitoring technology and hardware performance counters. In: 3rd International Conference on Fog and Mobile Edge Computing (FMEC), pp. 7–12 (2018)
Chiappetta, M., Savas, E., Yilmaz, C.: Real time detection of cache-based side-channel attacks using hardware performance counters. Appl. Soft Comput. 49, 1162–1174 (2016)
Cho, J., Kim, T., Kim, S., Im, M., Kim, T., Shin, Y.: Real-time detection for cache side channel attack using performance counter monitor. Appl. Sci. 10(3), 984 (2020)
Gulmezoglu, B., Moghimi, A., Eisenbarth, T., Sunar, B.: Fortuneteller: predicting microarchitectural attacks via unsupervised deep learning. arXiv preprint arXiv:1907.03651 (2019)
Mushtaq, M., Akram, A., Bhatti, M.K., Rais, R.N.B., Lapotre, V., Gogniat, G.: Run-time detection of prime+ probe side-channel attack on AES encryption algorithm. In: Global Information Infrastructure and Networking Symposium (GIIS), pp. 1–5 (2018)
Zhang, T., Zhang, Y., Lee, R.B.: Cloudradar: a real-time side-channel attack detection system in clouds. In: International Symposium on Research in Attacks, Intrusions, and Defenses, pp. 118–140 (2016)
Wang, H., Sayadi, H., Rafatirad, S., Sasan, A., Homayoun, H.: Scarf: detecting side-channel attacks at real-time using low-level hardware features. In: IEEE 26th International Symposium on On-Line Testing and Robust System Design (IOLTS), pp. 1–6 (2020)
Xia, W., et al.: A comprehensive study of the past, present, and future of data deduplication. Proc. IEEE 104(9), 1681–1710 (2016)
Suzaki, K., Iijima,K., Yagi, T., Artho, C.: Memory deduplication as a threat to the guest OS. In: 4th European Workshop on System Security, p. 1 (2011)
Xiao, J., Xu, Z., Huang, H., Wang, H.: Security implications of memory deduplication in a virtualized environment. In: 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 1–12 (2013)
Lindemann, J., Fischer, M.: A memory-deduplication side-channel attack to detect applications in co-resident virtual machines. In: 33rd Annual ACM Symposium on Applied Computing, pp. 183–192 (2018)
Yan, L., Guo, Y., Chen, X., Mei, H.: A study on power side channels on mobile devices. In: 7th Asia-Pacific Symposium on Internetware, pp. 30–38 (2015)
Briongos, S., Irazoqui, G., Malagón, P., Eisenbarth, T.: Cacheshield: detecting cache attacks through self-observation. In: 8th ACM Conference on Data and Application Security and Privacy, pp. 224–235 (2018)
Bernstein, D.J.: Cache-timing attacks on AES (2005)
Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Fine grain cross-VM attacks on Xen and VMware. In: IEEE 4th International Conference on Big Data and Cloud Computing, pp. 737–744 (2014)
Jayasinghe, D., Fernando, J., Herath, R., Ragel, R.: Remote cache timing attack on advanced encryption standard and countermeasures. In: 5th International Conference on Information and Automation for Sustainability, pp. 177–182 (2010)
Atici, A.C., Yilmaz, C., Savaş, E.: Cache-timing attacks without a profiling phase. Turkish J. Electr. Eng. Comput. Sci. 26(4), 1953–1966 (2018)
Yarom, Y., Benger, N.: Recovering OpenSSL ECDSA nonces using the Flush+Reload cache side-channel attack. IACR Cryptology ePrint Archive, vol. 2014, p. 140 (2014)
Gullasch, D., Bangerter, E., Krenn, S.: Cache games-bringing access-based cache attacks on AES to practice. In: IEEE Symposium on Security and Privacy, pp. 490–505 (2011)
Base, V.K.: Security considerations and disallowing inter-virtual machine transparent page sharing, VMware Knowledge Base, vol. 2080735 (2014)
Gruss, D., Maurice, C., Wagner, K., Mangard, S.: Flush+ flush: a fast and stealthy cache attack. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 279–299 (2016)
Yarom, Y.: Mastik: a micro-architectural side-channel toolkit. https://cs.adelaide.edu.au/~yval/Mastik/
Intel: Virtual targets. https://software.intel.com/content/www/us/en/develop/documentation/vtune-help/top/set-up-analysis-target/on-virtual-machine.html
Du, J., Sehrawat, N., Zwaenepoel, W.: Performance profiling of virtual machines. In: 7th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, pp. 3–14 (2011)
Hat, R.: 2.2. Virtual Performance Monitoring Unit (vPMU) Red Hat Enterprise Linux 7. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_tuning_and_optimization_guide/sect-virtualization_tuning_optimization_guide-monitoring_tools-vpmu
Zhang, Y., Juels, A., Oprea, A., Reiter, M.K.: Homealone: co-residency detection in the cloud via side-channel analysis. In: IEEE Symposium on Security and Privacy, pp. 313–328 (2011)
Xiao, Z., Xiao, Y.: Security and privacy in cloud computing. IEEE Commun. Surv. Tutor. 15(2), 843–859 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Albalawi, A., Vassilakis, V., Calinescu, R. (2021). Memory Deduplication as a Protective Factor in Virtualized Systems. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2021. Lecture Notes in Computer Science(), vol 12809. Springer, Cham. https://doi.org/10.1007/978-3-030-81645-2_17
Download citation
DOI: https://doi.org/10.1007/978-3-030-81645-2_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-81644-5
Online ISBN: 978-3-030-81645-2
eBook Packages: Computer ScienceComputer Science (R0)