2016

A Measurement Method of Side-Channel-Attacks Threat for Co-Residency Virtual Machines Based on Cloud Model

DOI: 10.7652/xjtuxb201604004

Keywords: side-channel-attacks, co-residency virtual machines, cloud model, threat metrics method


Abstract:

A cloud-model-based method for measuring the side-channel-attack threat among co-residency virtual machines is proposed. It addresses the potential threat that arises because co-resident virtual machines on a cloud platform share physical resources, which lets some malicious users stealthily obtain other users' private information by probing and analyzing the shared resources. Based on an analysis of the features of side-channel attacks among co-resident virtual machines, the method uses the cloud model, which has strong advantages in uncertainty conversion for multi-attribute decision making and in evaluating fuzziness and randomness, to produce a comprehensive multi-index evaluation of cloud users' potential side-channel-attack threat. Experimental results show that the evaluation results obtained for the cloud users, with maximum similarities of 58.42%, 36.47% and 46.96%, comply with the assumed threat levels, verifying the feasibility of the method. The method comprehensively considers the side-channel-attack threat indexes, takes full advantage of the cloud model for measurement, and provides an important basis for research on and application of side-channel-attack detection and defense for co-residency virtual machines in cloud environments.
