TY - GEN
T1 - Cross-VM covert channel risk assessment for cloud computing
T2 - 22nd IEEE International Conference on Network Protocols, ICNP 2014
AU - Zhang, Rui
AU - Qi, Wen
AU - Wang, Jianping
PY - 2014/12/9
Y1 - 2014/12/9
N2 - Cross-VM covert channels leverage physical resources shared between co-resident virtual machines, like CPU cache, memory bus, and disk bus, to leak information. The capacity of cross-VM covert channels varies on different cloud platforms. Thus, it is hard for cloud service providers to estimate the risk of information leakage caused by cross-VM covert channels on their own platforms. In this paper, we develop an Auto Profiling Framework of Covert Channel Capacity (APFC3) to automatically profile the maximum capacities of various cross-VM covert channels on different cloud platforms. The framework consists of automated parameter tuning for various cross-VM covert channels to achieve high data rate and automated capacity estimation of those cross-VM covert channels. We evaluate the proposed framework by constructing fine-tuned cross-VM covert channels on different virtualization platforms and comparing the optimized achievable data rate with the estimated maximum capacity computed using the proposed framework. The experiments show that in most cases, the capacity estimated using APFC3 is very close to the achieved data rate of constructed covert channels with fine-tuned parameters.
KW - Capacity estimation
KW - Cross-VM covert channel
KW - Shannon entropy
UR - http://www.scopus.com/inward/record.url?scp=84920035906&partnerID=8YFLogxK
UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-84920035906&origin=recordpage
U2 - 10.1109/ICNP.2014.24
DO - 10.1109/ICNP.2014.24
M3 - RGC 32 - Refereed conference paper (with host publication)
SN - 9781479962044
SP - 25
EP - 36
BT - Proceedings - International Conference on Network Protocols, ICNP
PB - IEEE Computer Society
Y2 - 21 October 2014 through 24 October 2014
ER -