Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
6-2013
Abstract
This paper presents StopWatch, a system that defends against timing-based side-channel attacks that arise from coresidency of victims and attackers in infrastructure-as-a-service clouds. StopWatch triplicates each cloud-resident guest virtual machine (VM) and places replicas so that the three replicas of a guest VM are coresident with nonoverlapping sets of (replicas of) other VMs. StopWatch uses the timing of I/O events at a VM's replicas collectively to determine the timings observed by each one or by an external observer, so that observable timing behaviors are similarly likely in the absence of any other individual, coresident VM. We detail the design and implementation of StopWatch in Xen, evaluate the factors that influence its performance, and address the problem of placing VM replicas in a cloud under the constraints of StopWatch so as to still enable adequate cloud utilization.
Discipline
Information Security
Research Areas
Information Security and Trust
Publication
43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2013)
First Page
1
Last Page
12
Identifier
10.1109/DSN.2013.6575299
Publisher
IEEE
City or Country
Budapest, Hungary
Citation
LI, Peng; GAO, Debin; and Reiter, Michael K.
Mitigating Access-Driven Timing Channels in Clouds using StopWatch. (2013). 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2013). 1-12.
Available at: https://ink.library.smu.edu.sg/sis_research/2038
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
http://dx.doi.org/10.1109/DSN.2013.6575299