| Titel | CPU-based Covert- and Side-Channels in Cloud Ecosystems / Johann Betz, Dirk Westhoff |
|---|
| Person | Betz, Johann [Verfasser/in]
Westhoff, Dirk [Verfasser/in] |
|---|
| Physische Beschreibung | 1 Tabelle (Sonstige Angaben) |
|---|
| Anmerkungen | Referenzen |
|---|
| Sprache | Englisch |
|---|
| Nummer | 1725235269 (K10Plus-Nummer) |
|---|
| In | 2nd Baden-Württemberg Center of Applied Research Symposium on Information and Communication Systems - SInCom 2015 / [Herausgeber:] Dirk Benyoucef, Jürgen Freudenberger ; Baden-Württemberg Center of Applied Research (BW-CAR). - Konstanz - (2015), S.19-23 |
|---|
| Schlagwortfolge | Zentraleinheit ; Verdeckter Kanal |
|---|
| Inhalt | Covert and Side-Channels have been known for a long time due to their versatile forms of appearance. For nearly every technical improvement or change in technology, such channels have been (re-)created or known methods have been adapted. For example the introduction of hyperthreading technology has introduced new possibilities for covert communication between malicious processes because they can now share the arithmetic logical unit (ALU) as well as the L1 and L2 cache which enables establishing multiple covert channels. Even virtualization which is known for its isolation of multiple machines is prone to covert and side-channel attacks due to the sharing of resources. Therefore itis not surprising that cloud computing is not immune to this kind of attacks. Even more, cloud computing with multiple, possibly competing users or customers using the same shared resources may elevate the risk of unwanted communication. In such a setting the ”air gap” between physical servers and networks disappears and only the means of isolation and virtual separation serve as a barrier between adversary and victim. In the work at hand we will provide a survey on weak spots an adversary trying to exfiltrate private data from target virtual machines could exploit in a cloud environment. We will evaluate the feasibility of example attacks and point out possible mitigation solutions if they exist. |
|---|