Research Article
Investigating Timing Channel in IaaS
@INPROCEEDINGS{10.4108/eai.18-6-2016.2264107,
  author={Rui Yang and Xiao Fu and Xiaojiang Du and Bin Luo},
  title={Investigating Timing Channel in IaaS},
  proceedings={9th EAI International Conference on Mobile Multimedia Communications},
  publisher={ACM},
  proceedings_a={MOBIMEDIA},
  year={2016},
  month={12},
  keywords={cloud security timing channel infrastructure as a service cloud forensics},
  doi={10.4108/eai.18-6-2016.2264107}
}
Authors: Rui Yang, Xiao Fu, Xiaojiang Du, Bin Luo
Year: 2016
Proceedings: MOBIMEDIA
Publisher: ACM
DOI: 10.4108/eai.18-6-2016.2264107
Abstract
In IaaS (such as Amazon EC2 and Microsoft Azure), several VM (virtual machine) instances usually run on one physical machine to improve resource utilization. However, this also creates more attack opportunities. A typical example is the cross-VM timing channel. Recent studies show that this kind of covert channel can successfully steal private information (e.g., a private key) from co-resident VM instances. It poses great challenges to the security of the cloud and has attracted more and more attention in recent years. But to our knowledge, there is still little work on detecting and investigating such covert channels. Therefore, we propose a behavior-based method to automatically detect and investigate the timing channel. First, to record the behavior of this covert channel, a page-level memory monitoring method is designed. Second, an automatic identification algorithm is proposed based on some memory activity signatures. Finally, to confirm the result, a memory dump is obtained and the binary code of the suspicious process is analyzed. We have implemented a prototype on Xen, and the experimental results show that all of these kinds of attacks can be detected even under disturbance from normal processes.