Driftor: mitigating cloud-based side-channel attacks by switching and migrating multi-executor virtual machines

Chao YANG, Yun-fei GUO, Hong-chao HU, Ya-wen WANG, Qing TONG, Ling-shu LI

Front. Inform. Technol. Electron. Eng, 2019, Vol. 20, Issue (5): 731-748. DOI: 10.1631/FITEE.1800526
Original Article


Abstract

Co-residency of different tenants’ virtual machines (VMs) in the cloud provides a good opportunity for side-channel attacks, which result in information leakage. However, most current defenses suffer from generality or compatibility problems and therefore cannot be deployed immediately in the real world. VM migration, an inherent mechanism of cloud systems, offers a promising countermeasure: it limits co-residency by moving VMs between servers. We therefore first set up a unified practical adversary model, in which the attacker focuses on effective side channels. We then propose Driftor, a new cloud system that contains VMs of a multi-executor structure in which only one executor is active to provide service through a proxy, thus reducing possible information leakage. The active state is periodically switched between executors to simulate the defensive effect of VM migration. To enhance the defense, real VM migration is enabled at the same time. Instead of solving the migration satisfiability problem with intractable CIRCUIT-SAT, a greedy-like heuristic algorithm is proposed to search for a viable solution by gradually expanding an initial has-to-migrate set of VMs. Experimental results show that Driftor can not only defend against practical fast side-channel attacks but also imposes a reasonable impact on real-world cloud applications.

Keywords

Cloud computing / Side-channel attack / Information leakage / Multi-executor structure / Virtual machine switch / Virtual machine migration

Cite this article

Chao YANG, Yun-fei GUO, Hong-chao HU, Ya-wen WANG, Qing TONG, Ling-shu LI. Driftor: mitigating cloud-based side-channel attacks by switching and migrating multi-executor virtual machines. Front. Inform. Technol. Electron. Eng, 2019, 20(5): 731‒748 https://doi.org/10.1631/FITEE.1800526

RIGHTS & PERMISSIONS

2019 Zhejiang University and Springer-Verlag GmbH Germany, part of Springer Nature