Title | : | Mitigating Cache Side Channel Attacks in Clouds by Memory Bus Monitoring and Cache Obfuscation |
Speaker | : | Arun Raj (IITM) |
Details | : | Tue, 20 Feb, 2018 3:00 PM @ A M Turing Hall |
Abstract | : | Virtualization technology enables cloud providers to host multiple virtual machines (VMs) on the same physical host and rent them to different customers. Though virtualization might give a notion of isolated environments, the VMs still share the underlying hardware resources. As a result, cloud instances are vulnerable to cross-core, cross-VM attacks against the shared, inclusive last-level cache. Automated cache template attacks, in particular, are very powerful as the vulnerabilities do not need to be manually identified. We present a method based on memory bus monitoring to identify and mitigate such attacks. This approach allows us to identify suspicious cache accesses automatically, without prior knowledge about the system or access to hardware metrics. We first execute a memory bus benchmark to measure the available bus bandwidth and derive information about cache accesses and possible side channel attacks. Our experiments with cache attacks show a reduction of up to 16% in the memory bandwidth during the attack. When an attack is detected, temporal cache obfuscation is performed, which generates random noise and obscures the information gathered by the attacker. The proposed approach is effective against both Prime+Probe and Flush+Reload attacks. It incurs modest overheads of less than 8% and, moreover, does not require support from the cloud provider or changes to the hypervisor. |