
A novel approach to prevent cache based side-channel attack in the cloud (1)

Summary of “A Novel Approach to Prevent Cache-Based Side-Channel Attack in the Cloud”
Read more at https://mrg-goel.medium.com/summary-of-a-novel-approach-to-prevent-cache-based-side-channel-attack-in-the-cloud-2bd802e20155


  1. 1. A Novel Approach to Prevent Cache-Based Side-Channel Attack in the Cloud Written by Muhammed Sadique UK*, Divya James in 2016
  2. 2. AGENDA 1. Cloud and side channels 2. Side channel attacks 3. Existing sol vs. proposed sol. 4. Decision algorithm 5. Conclusion
  4. 4. The Cloud Model ❏ Resources for more than one client ❏ Hidden details of infrastructure ❏ Always on ❏ Pay per use ❏ Servers accessed remotely ❏ Example : Amazon web services, Google cloud, Microsoft Azure
  5. 5. Side-Channel ❏ A mode of bypassing virtual machine for gaining information from the physical implementation rather than brute force or theoretical weaknesses in the algorithm
  6. 6. Side-Channel Attack ❏ A side channel attack is any attack based on information gained from the implementation of a computer system, rather than a weakness in the implemented algorithm itself. ❏ The things which can be exploited in side channel attack can be timing information, power consumption, electromagnetic leaks or even sound as all of these can provide an extra source of information.
  7. 7. How secure is your cache against side-channel attacks? ❏ Caches are essential for the performance of modern computers ❏ Security-critical data can leak through very unexpected side channels, making side-channel attacks very dangerous threats
  8. 8. Cache-Based Side-Channel Attack ❏ Cache side-channel attacks are attacks based on an attacker's ability to monitor cache accesses made by the victim in a shared physical system, as in a virtualized environment or a type of cloud service ❏ AIM: Extract Information ❏ Source: leakage ❏ Procedure: convert leakage into information ❏ Types: sequential and parallel
  9. 9. Purpose of the paper ❏ Cache-based side-channels in a cloud environment ❏ Sequential type of side-channel attack. ❏ There are several server-side defences in place to handle cache-based side channels. ❏ Ex. cache flushing - Make cache useless ❏ Prevent the side-channel's occurrence - an algorithm designed to implement the technique. ❏ Minimalistic fashion to help minimize resulting overhead
  10. 10. Existing solution vs. suggested solution
  11. 11. Current scenario: ❏ Focuses on flushing the cache ❏ Reduces usefulness of the cache ❏ Increased cost due to flushing the cache. Solution: ❏ Focuses on disabling the difference in access time ❏ Includes two new functions in hypervisor: wait function, Algorithm ❏ Prevents time information parameter leakage in the cache of the cloud ❏ Usefulness of cache, decrease the cost and prevent the data loss
  12. 12. Cache-Wait ❏ If the time taken for the cache miss is greater than the cache hit, Cache-Wait operates. ❏ Cache-Wait will hold the cache execution process for the specific time. ❏ The specific time is determined from the difference in the accessing time required for fetching data from the main memory and the cache memory. That is, the difference in accessing time required between cache miss and cache hit. ❏ In general, a wait would only be necessary before the Probe step
  13. 13. Decision Algorithm

        Function contextSwitch(DomX, DomY) {   // from DomX to DomY
            If Main_T > Cache_T
                waitCache();
            return;
        }
        EndFunction

  14. 14. Statistical Analysis This analysis suggests that the algorithm is efficient
  15. 15. Graphical presentation
  16. 16. Conclusion ❏ The cloud's architecture is particularly susceptible to cache-based side-channel attacks. ❏ interfering with the cloud model is necessary ( ❏ Sequential side-channels are taken care of by their solution ❏ Focuses on cache-based side-channels in the Cloud and does not interfere with the Cloud model ❏ The time information parameter leakage ❏ Efficient algorithm proposed
  17. 17. Our Opinion ❏ Great job in reducing cost when ❏ Future plan is to implement this approach in a real-time environment and in Docker ❏ The amount of flush function execution is much higher when there are five or more virtual machines. ❏ Parallel cache-based side-channel attacks or hardware-based side-channel attacks are still a large area to focus on in security terms.
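
The Cache-Wait idea from slides 12 and 13, as an added toy simulation that is not code from the slides or from the paper. It assumes abstract latencies, a small direct-mapped cache, and one reading of the slides: that the wait pads a cache hit by the miss/hit difference during the probe step that follows a context switch. `DomX`/`DomY` are taken from the slide; every other name and constant is hypothetical.

```python
# Toy model in abstract time units; all constants are constructed assumptions.
CACHE_T = 4     # assumed cache-hit latency
MAIN_T = 200    # assumed main-memory (cache-miss) latency
NUM_SETS = 8    # assumed direct-mapped cache, one line per set


class SharedCache:
    def __init__(self):
        self.owner = [None] * NUM_SETS  # domain whose line occupies each set

    def access(self, domain, set_idx):
        """Return the raw latency of one access and install the line."""
        hit = self.owner[set_idx] == domain
        self.owner[set_idx] = domain
        return CACHE_T if hit else MAIN_T


def wait_cache(raw_latency):
    """Cache-Wait: hold a hit for (Main_T - Cache_T); a miss needs no wait."""
    return raw_latency + (MAIN_T - CACHE_T) if raw_latency == CACHE_T else raw_latency


def context_switch(cache_wait_enabled):
    """Slide 13 decision: arm the wait only when Main_T > Cache_T."""
    return cache_wait_enabled and MAIN_T > CACHE_T


def probe_latencies(victim_set, cache_wait_enabled):
    """Latencies DomX observes in its probe step after DomY has run."""
    cache = SharedCache()
    for s in range(NUM_SETS):                    # DomX fills every set (prime)
        cache.access("DomX", s)
    cache.access("DomY", victim_set)             # DomY touches one data-dependent set
    armed = context_switch(cache_wait_enabled)   # DomY -> DomX, before the probe
    observed = []
    for s in range(NUM_SETS):                    # DomX re-reads its lines (probe)
        raw = cache.access("DomX", s)
        observed.append(wait_cache(raw) if armed else raw)
    return observed


def leaked_sets(latencies):
    """Sets whose latency stands out from the fastest one, i.e. what leaks."""
    return [i for i, t in enumerate(latencies) if t > min(latencies)]


if __name__ == "__main__":
    for enabled in (False, True):
        seen = probe_latencies(3, enabled)
        print("Cache-Wait on " if enabled else "Cache-Wait off", seen, leaked_sets(seen))
```

In this model the padding removes the timing difference while leaving the cache contents in place; the cost is the extra wait added to each probe access that would otherwise have been a hit.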