Article, DOI: 10.1109/SP.2011.31

HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis

Published: 22 May 2011

Abstract

Security is a major barrier to enterprise adoption of cloud computing. Physical co-residency with other tenants poses a particular risk, due to pervasive virtualization in the cloud. Recent research has shown how side channels in shared hardware may enable attackers to exfiltrate sensitive data across virtual machines (VMs). In view of such risks, cloud providers may promise physically isolated resources to select tenants, but a challenge remains: Tenants still need to be able to verify physical isolation of their VMs. We introduce HomeAlone, a system that lets a tenant verify its VMs' exclusive use of a physical machine. The key idea in HomeAlone is to invert the usual application of side channels. Rather than exploiting a side channel as a vector of attack, HomeAlone uses a side channel (in the L2 memory cache) as a novel, defensive detection tool. By analyzing cache usage during periods in which "friendly" VMs coordinate to avoid portions of the cache, a tenant using HomeAlone can detect the activity of a co-resident "foe" VM. Key technical contributions of HomeAlone include classification techniques to analyze cache usage and guest operating system kernel modifications that minimize the performance impact of friendly VMs sidestepping monitored cache portions. HomeAlone requires no modification of existing hypervisors and no special action or cooperation by the cloud provider.

Published In

SP '11: Proceedings of the 2011 IEEE Symposium on Security and Privacy
May 2011
527 pages
ISBN:9780769544021

Publisher

IEEE Computer Society

United States

Author Tags

  1. Cloud computing
  2. Infrastructure-as-a-Service (IaaS)
  3. co-residency detection
  4. side-channel analysis

Cited By

  • (2024) Pentimento: Data Remanence in Cloud FPGAs. Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2, pp. 862-878. DOI: 10.1145/3620665.3640355. Online publication date: 27-Apr-2024.
  • (2024) Everywhere All at Once: Co-Location Attacks on Public Cloud FaaS. Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 1, pp. 133-149. DOI: 10.1145/3617232.3624867. Online publication date: 27-Apr-2024.
  • (2023) CACHEQL. Proceedings of the 32nd USENIX Conference on Security Symposium, pp. 2009-2026. DOI: 10.5555/3620237.3620350. Online publication date: 9-Aug-2023.
  • (2023) FlushTime: Towards Mitigating Flush-based Cache Attacks via Collaborating Flush Instructions and Timers on ARMv8-A. Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, pp. 190-204. DOI: 10.1145/3579856.3595803. Online publication date: 10-Jul-2023.
  • (2022) Ready Raider One. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 1993-2007. DOI: 10.1145/3548606.3560647. Online publication date: 7-Nov-2022.
  • (2022) NVMe-oAF. Proceedings of the 31st International Symposium on High-Performance Parallel and Distributed Computing, pp. 56-70. DOI: 10.1145/3502181.3531476. Online publication date: 27-Jun-2022.
  • (2021) Packet Scheduling with Optional Client Privacy. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 3415-3430. DOI: 10.1145/3460120.3485371. Online publication date: 12-Nov-2021.
  • (2021) Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 715-733. DOI: 10.1145/3460120.3484583. Online publication date: 12-Nov-2021.
  • (2020) Exposing cache timing side-channel leaks through out-of-order symbolic execution. Proceedings of the ACM on Programming Languages 4:OOPSLA, pp. 1-32. DOI: 10.1145/3428215. Online publication date: 13-Nov-2020.
  • (2019) Rendered private. Proceedings of the 28th USENIX Conference on Security Symposium, pp. 1645-1660. DOI: 10.5555/3361338.3361453. Online publication date: 14-Aug-2019.
