A Server-Side Solution to Cache-Based Side-Channel Attacks in the Cloud

摘要

As Cloud services become more common place, recent work have uncovered vulnerabilities unique to Cloud systems. Specifically, the paradigm promotes a risk of information leakage across virtual machine isolation via side-channels. In this paper, we investigate the current state of side-channel vulnerabilities involving the CPU cache, and identify the shortcomings of traditional defenses in a Cloud environment. We explore why solutions to non-Cloud cache-based side-channels cease to work in Cloud environments, and develop a mitigation technique applicable for Cloud security. Applying this solution to a canonical Cloud environment, we demonstrate the validity of this Cloud-specific, cache-based side-channel mitigation technique. Furthermore, we show that it can be implemented as a server-side approach to improve security without inconveniencing the client. Finally, we conduct a comparison of our solution to the current state-of-the-art.