Interference-based VM Migration to Mitgate Cache-based Side-channel Attacks in Cloud

摘要

Co-residency of different clients' VMs on the same hardware platform puts users at risk of cache-based side-channel attacks in cloud. While current countermeasures fail to be general and precise, we observe that cache behaviors of co-resident VMs interfere with each other. So we set up a novel cache interference model which precisely depicts how a bystander's behavior affects cache side channels between VMs. Based on this model, we propose an interference-based VM migration strategy to defend against cache attacks by co-locating multiple VMs so as to maximize the effect of one VM's cache activities on disrupting the cache access pattern of another VM which might be utilized by side-channel attackers. Simulation result shows that our approach is effective against cache attacks by improving the average interference ratio by about 35%.