CacheSCDefender: VMM-based Comprehensive Framework against Cache-based Side-channel Attacks

• Chao Yang,
• Yunfei Guo,
• Hongchao Hu,
• Wenyan Liu,

Vol. 12, No. 12, December 30, 2018
10.3837/tiis.2018.12.026, Download Paper (Free):

• Cloud computing
• cache-based side-channel attacks
• dynamic remapping
• cache cleansing
• comprehensive defense

Abstract

Cache-based side-channel attacks have achieved more attention along with the development of cloud computing technologies. However, current host-based mitigation methods either provide bad compatibility with current cloud infrastructure, or turn out too application-specific. Besides, they are defending blindly without any knowledge of on-going attacks. In this work, we present CacheSCDefender, a framework that provides a (Virtual Machine Monitor) VMM-based comprehensive defense framework against all levels of cache attacks. In designing CacheSCDefender, we make three key contributions: (1) an attack-aware framework combining our novel dynamic remapping and traditional cache cleansing, which provides a comprehensive defense against all three cases of cache attacks that we identify in this paper; (2) a new defense method called dynamic remapping which is a developed version of random permutation and is able to deal with two cases of cache attacks; (3) formalization and quantification of security improvement and performance overhead of our defense, which can be applicable to other defense methods. We show that CacheSCDefender is practical for deployment in normal virtualized environment, while providing favorable security guarantee for virtual machines.

Statistics

Cite this article