Protecting Shared Virtualized Environments against Cache Side-channel Attacks

Abdullah Albalawi, Vassilios Vassilakis, Radu Calinescu

2022

Abstract

We introduce a side-channel attack detection and protection method that combines dynamic and static analysis. The dynamic analysis uses Linux Perf to obtain readings from 13 hardware performance counters related to the shared cache. Based on these readings, the virtual machine (VM) behaviour is then classified as suspicious or benign using logistic regression classification. As a second step, the static analysis extracts the executable files from the disk image or the RAM image of the suspicious VM. It then checks whether these files contain operating codes for side-channel attacks. Based on this, the threat level of these files is determined using the SoftMax classification algorithm; there are four threat levels in total. After that, VMs that pose a threat to the shared environment are excluded. As a hypervisor, we employed KVM (Kernel-based Virtual Machine), and as guest operating systems, we utilized Linux Ubuntu 18.04.5 LTS (64-bit). We then conducted experiments on several host machines, namely Ubuntu 18.04.5 LTS, Debian 10, and CentOS 8, with various processor models. The accuracy of detecting suspicious behaviour and classifying the threat level was recorded as 96%–99%, with CPU overheads of between 0.6% and 25% for dynamic and static analysis.


Paper Citation


in Harvard Style

Albalawi A., Vassilakis V. and Calinescu R. (2022). Protecting Shared Virtualized Environments against Cache Side-channel Attacks. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 507-514. DOI: 10.5220/0010897800003120


in Bibtex Style

@conference{icissp22,
author={Abdullah Albalawi and Vassilios Vassilakis and Radu Calinescu},
title={Protecting Shared Virtualized Environments against Cache Side-channel Attacks},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2022},
pages={507-514},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010897800003120},
isbn={978-989-758-553-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Protecting Shared Virtualized Environments against Cache Side-channel Attacks
SN - 978-989-758-553-1
AU - Albalawi A.
AU - Vassilakis V.
AU - Calinescu R.
PY - 2022
SP - 507
EP - 514
DO - 10.5220/0010897800003120