Covertlnspector: Identification of Shared Memory Covert Timing Channel in Multi-tenanted Cloud

Sheng Wang; Weizhong Qiang; Hai Jin; Jinfeng Yuan

首页> 外文期刊>International journal of parallel programming >Covertlnspector: Identification of Shared Memory Covert Timing Channel in Multi-tenanted Cloud

【24h】

Covertlnspector: Identification of Shared Memory Covert Timing Channel in Multi-tenanted Cloud

机译：CovertInspector：多租户云中共享内存隐蔽时序通道的标识

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Memory deduplication improves the memory efficiency of common multi-tenanted cloud. Due to the cross-VM memory sharing, malicious users can mount covert channel attack to steal secret information. While this kind of attack does not break the normal restrictions, it is very hard to detect and defend. In the paper, we present the design, implementation and evaluation of Covertlnspector-a VMM-based system to identify and eliminate a covert timing channel constructed on shared memory. Our proof-of-concept prototype is built on KVM and Kernel Samepage Merging (KSM), with minor modification to KVM hypervisor (about 300 LOC). Further evaluation shows that Covertlnspector is able to fully identify and eliminate such kind of covert channel with tolerable impact to the performance of guest VMs.

机译：内存重复数据删除可提高常见的多租户云的内存效率。由于跨VM内存共享，恶意用户可以发起隐蔽通道攻击来窃取秘密信息。尽管这种攻击没有打破常规限制，但很难检测和防御。在本文中，我们介绍了CovertInspector（一种基于VMM的系统）的设计，实现和评估，该系统可以识别和消除在共享内存上构建的隐式定时通道。我们的概念验证原型基于KVM和内核Samepage合并（KSM），对KVM虚拟机管理程序进行了较小的修改（大约300 LOC）。进一步的评估表明，CovertInspector能够完全识别和消除此类隐蔽通道，并且对来宾VM的性能具有可容忍的影响。

著录项

来源
《International journal of parallel programming》 |2017年第1期|142-156|共15页
作者
Sheng Wang; Weizhong Qiang; Hai Jin; Jinfeng Yuan;
展开▼
作者单位

Services Computing Technology and System Lab, Cluster and Grid Computing Lab, School of Computer Science and Technology, Huazhong University of Science and Technology,Wuhan 430074, China;

Services Computing Technology and System Lab, Cluster and Grid Computing Lab, School of Computer Science and Technology, Huazhong University of Science and Technology,Wuhan 430074, China;

Services Computing Technology and System Lab, Cluster and Grid Computing Lab, School of Computer Science and Technology, Huazhong University of Science and Technology,Wuhan 430074, China;

Shield Lab, Huawei Technologies Co. Ltd., Shenzhen 518129, China;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Multi-tenant; Memory deduplication; Covert channel; Cloud computing;

机译：多租户;内存重复数据删除;隐秘渠道;云计算;

相似文献

外文文献
中文文献
专利

1. SnapCatch: Automatic Detection of Covert Timing Channels Using Image Processing and Machine Learning [J] . Shorouq Al-Eidi, Omar Darwish, Yuanzhu Chen, Quality Control, Transactions . 2021,第1期

机译：Snapcatch：使用图像处理和机器学习自动检测隐蔽定时通道
2. Inter-packet delays normalization to limit IP covert timing channels [J] . Artem Sokolov, Konstantin Kogos Procedia Computer Science . 2020,第5期

机译：分组间延迟归一化以限制IP隐蔽定时通道
3. A sensitive network jitter measurement for covert timing channels over interactive traffic [J] . Zhang Quanxin, Gong Hanxiao, Zhang Xiaosong, Multimedia Tools and Applications . 2019,第3期

机译：灵敏的网络抖动测量，用于交互流量上的秘密定时信道
4. Identification and Evaluation of Sharing Memory Covert Timing Channel in Xen Virtual Machines [C] . Wu JingZheng, Ding Liping, Wang Yongji, 2011 IEEE 4th International Conference on Cloud Computing . 2011

机译：Xen虚拟机中共享内存隐蔽定时通道的识别和评估
5. Real-Time Detection of Covert Timing Channels Using a Parallel System. [D] . Gegan, Ross Kieran. 2015

机译：使用并行系统实时检测隐蔽定时通道。
6. Polar Codes for Covert Communications over Asynchronous Discrete Memoryless Channels [O] . Guillaume Frèche, Matthieu R. Bloch, Michel Barret 2018

机译：异步离散记忆频道的隐蔽通信的极性代码
7. Implementation of covert timing channels based on http cache headers in cloud file storage services [O] . D. N. Kolegov, O. V. Broslavsky, N. E. Oleksov 2015

机译：基于云文件存储服务中的HTTP缓存标头的隐蔽定时频道实现

Covertlnspector: Identification of Shared Memory Covert Timing Channel in Multi-tenanted Cloud

摘要

著录项

相似文献

相关主题

期刊订阅