As Cloud services become more commonplace, recent works have uncovered vulnerabilities unique to such systems. Specifi cally, the paradigm promotes a risk of information leakage across virtual machine isolation via side-channels. Unlike conventional
computing, the infrastructure supporting a Cloud environment allows mutually dis-
trusting clients simultaneous access to the underlying hardware, a seldom met requirement for a side-channel attack. This thesis investigates the current state of
side-channel vulnerabilities involving the CPU cache, and identifi es the shortcomings
of traditional defenses in a Cloud environment. It explores why solutions to non-Cloud cache-based side-channels cease to work in Cloud environments, and describes
new mitigation techniques applicable for Cloud security. Speci cally, it separates
canonical cache-based side-channel attacks into two categories, Sequential and Parallel attacks, based on their implementation and devises a unique mitigation technique
for each. Applying these solutions to a canonical Cloud environment, this thesis
demonstrates the validity of these Cloud-specifi c, cache-based side-channel mitigation techniques. Furthermore, it shows that they can be implemented, together, as a
server-side approach to improve security without inconveniencing the client. Finally,
it conducts a comparison of our solutions to the current state-of-the-art. / Thesis (Master, Computing) -- Queen's University, 2013-09-25 18:03:47.737
Identifer | oai:union.ndltd.org:LACETR/oai:collectionscanada.gc.ca:OKQ.1974/8320 |
Date | 26 September 2013 |
Creators | Godfrey, Michael |
Contributors | Queen's University (Kingston, Ont.). Theses (Queen's University (Kingston, Ont.)) |
Source Sets | Library and Archives Canada ETDs Repository / Centre d'archives des thèses électroniques de Bibliothèque et Archives Canada |
Language | English, English |
Detected Language | English |
Type | Thesis |
Rights | This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner. |
Relation | Canadian theses |
Page generated in 0.0044 seconds