CLC number: TP393
On-line Access: 2019-06-10
Received: 2018-08-31
Revision Accepted: 2018-11-26
Crosschecked: 2019-05-13
Chao Yang, Yun-fei Guo, Hong-chao Hu, Ya-wen Wang, Qing Tong, Ling-shu Li. Driftor: mitigating cloud-based side-channel attacks by switching and migrating multi-executor virtual machines[J]. Frontiers of Information Technology & Electronic Engineering, in press. https://doi.org/10.1631/FITEE.1800526
Chinese title: Cloud side-channel attack defense technique based on switching and migrating multi-executor architecture virtual machines
Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou
310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - 2024 Journal of Zhejiang University-SCIENCE