DeepAI AI Chat
Log In Sign Up

Deterministically Deterring Timing Attacks in Deterland

by   Weiyi Wu, et al.

The massive parallelism and resource sharing embodying today's cloud business model not only exacerbate the security challenge of timing channels, but also undermine the viability of defenses based on resource partitioning. We propose hypervisor-enforced timing mitigation to control timing channels in cloud environments. This approach closes "reference clocks" internal to the cloud by imposing a deterministic view of time on guest code, and uses timing mitigators to pace I/O and rate-limit potential information leakage to external observers. Our prototype hypervisor is the first system to mitigate timing-channel leakage across full-scale existing operating systems such as Linux and applications in arbitrary languages. Mitigation incurs a varying performance cost, depending on workload and tunable leakage-limiting parameters, but this cost may be justified for security-critical cloud applications and data.


page 10

page 11

page 12


Determinating Timing Channels in Compute Clouds

Timing side-channels represent an insidious security challenge for cloud...

Ozone: Efficient Execution with Zero Timing Leakage for Modern Microarchitectures

Time variation during program execution can leak sensitive information. ...

IOTLB-SC: An Accelerator-Independent Leakage Source in Modern Cloud Systems

Recent research in micro-architectural attacks has uncovered a variety o...

A Game-Theoretic Framework for the Virtual Machines Migration Timing Problem

In a multi-tenant cloud, a number of Virtual Machines (VMs) are collocat...

Frequency Throttling Side-Channel Attack

Modern processors dynamically control their operating frequency to optim...

Quantitative Mitigation of Timing Side Channels

Timing side channels pose a significant threat to the security and priva...