On the Detection of Adaptive Side-Channel Attackers in Cloud Environments

Hisham Alhulayyil; Karim Khalil; Srikanth V. Krishnamurthy; Derya Cansever; Thomas La Porta; Ananthram Swami

doi:10.1109/GLOCOM.2018.8647868

On the Detection of Adaptive Side-Channel Attackers in Cloud Environments

Hisham Alhulayyil
, Karim Khalil
, Srikanth V. Krishnamurthy
, Derya Cansever
, Thomas La Porta
, Ananthram Swami

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

Malicious coresidency is a precursor to side-channel attacks that target information leakage. In this paper, we seek to understand the interactions between a defender (the cloud service provider) who tries to detect malicious coresidency by an attacker, who in turn attempts to co-reside its VM with a victim VM on the same physical machine by exploiting the VM allocation policy employed by the cloud service provider while at the same time, trying to evade detection. The problem is modeled as a two-player game. Specifically, the attacker chooses how long to keep its VM operational before terminating and relaunching it to increase its odds of success. On the other hand, the defender attempts to detect and penalize malicious VMs based on their activity in a given time window. The defender estimates a maliciousness measure for all active VMs which then modulates the likelihood of a specific VM being migrated to a different physical machine. We study the equilibrium strategies for both players for different ranges of environment parameters and show the non-existence of equilibrium with pure strategies. Subsequently, we characterize the equilibrium of the game with mixed strategies.

Original language	English (US)
Title of host publication	2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781538647271
DOIs	https://doi.org/10.1109/GLOCOM.2018.8647868
State	Published - 2018
Event	2018 IEEE Global Communications Conference, GLOBECOM 2018 - Abu Dhabi, United Arab Emirates Duration: Dec 9 2018 → Dec 13 2018

Publication series

Name	2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings

Conference

Conference	2018 IEEE Global Communications Conference, GLOBECOM 2018
Country/Territory	United Arab Emirates
City	Abu Dhabi
Period	12/9/18 → 12/13/18

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 7 Affordable and Clean Energy

All Science Journal Classification (ASJC) codes

Information Systems and Management
Renewable Energy, Sustainability and the Environment
Safety, Risk, Reliability and Quality
Signal Processing
Modeling and Simulation
Instrumentation
Computer Networks and Communications

Access to Document

10.1109/GLOCOM.2018.8647868

Cite this

Alhulayyil, H., Khalil, K., Krishnamurthy, S. V., Cansever, D., La Porta, T., & Swami, A. (2018). On the Detection of Adaptive Side-Channel Attackers in Cloud Environments. In 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings Article 8647868 (2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/GLOCOM.2018.8647868

@inproceedings{2cf3603d04af4d4aa12b711553234b5b,

title = "On the Detection of Adaptive Side-Channel Attackers in Cloud Environments",

abstract = "Malicious coresidency is a precursor to side-channel attacks that target information leakage. In this paper, we seek to understand the interactions between a defender (the cloud service provider) who tries to detect malicious coresidency by an attacker, who in turn attempts to co-reside its VM with a victim VM on the same physical machine by exploiting the VM allocation policy employed by the cloud service provider while at the same time, trying to evade detection. The problem is modeled as a two-player game. Specifically, the attacker chooses how long to keep its VM operational before terminating and relaunching it to increase its odds of success. On the other hand, the defender attempts to detect and penalize malicious VMs based on their activity in a given time window. The defender estimates a maliciousness measure for all active VMs which then modulates the likelihood of a specific VM being migrated to a different physical machine. We study the equilibrium strategies for both players for different ranges of environment parameters and show the non-existence of equilibrium with pure strategies. Subsequently, we characterize the equilibrium of the game with mixed strategies.",

author = "Hisham Alhulayyil and Karim Khalil and Krishnamurthy, \{Srikanth V.\} and Derya Cansever and \{La Porta\}, Thomas and Ananthram Swami",

note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 2018 IEEE Global Communications Conference, GLOBECOM 2018 ; Conference date: 09-12-2018 Through 13-12-2018",

year = "2018",

doi = "10.1109/GLOCOM.2018.8647868",

language = "English (US)",

series = "2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings",

address = "United States",

}

Alhulayyil, H, Khalil, K, Krishnamurthy, SV, Cansever, D, La Porta, T & Swami, A 2018, On the Detection of Adaptive Side-Channel Attackers in Cloud Environments. in 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings., 8647868, 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings, Institute of Electrical and Electronics Engineers Inc., 2018 IEEE Global Communications Conference, GLOBECOM 2018, Abu Dhabi, United Arab Emirates, 12/9/18. https://doi.org/10.1109/GLOCOM.2018.8647868

On the Detection of Adaptive Side-Channel Attackers in Cloud Environments. / Alhulayyil, Hisham; Khalil, Karim; Krishnamurthy, Srikanth V. et al.
2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2018. 8647868 (2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - On the Detection of Adaptive Side-Channel Attackers in Cloud Environments

AU - Alhulayyil, Hisham

AU - Khalil, Karim

AU - Krishnamurthy, Srikanth V.

AU - Cansever, Derya

AU - La Porta, Thomas

AU - Swami, Ananthram

PY - 2018

Y1 - 2018

N2 - Malicious coresidency is a precursor to side-channel attacks that target information leakage. In this paper, we seek to understand the interactions between a defender (the cloud service provider) who tries to detect malicious coresidency by an attacker, who in turn attempts to co-reside its VM with a victim VM on the same physical machine by exploiting the VM allocation policy employed by the cloud service provider while at the same time, trying to evade detection. The problem is modeled as a two-player game. Specifically, the attacker chooses how long to keep its VM operational before terminating and relaunching it to increase its odds of success. On the other hand, the defender attempts to detect and penalize malicious VMs based on their activity in a given time window. The defender estimates a maliciousness measure for all active VMs which then modulates the likelihood of a specific VM being migrated to a different physical machine. We study the equilibrium strategies for both players for different ranges of environment parameters and show the non-existence of equilibrium with pure strategies. Subsequently, we characterize the equilibrium of the game with mixed strategies.

AB - Malicious coresidency is a precursor to side-channel attacks that target information leakage. In this paper, we seek to understand the interactions between a defender (the cloud service provider) who tries to detect malicious coresidency by an attacker, who in turn attempts to co-reside its VM with a victim VM on the same physical machine by exploiting the VM allocation policy employed by the cloud service provider while at the same time, trying to evade detection. The problem is modeled as a two-player game. Specifically, the attacker chooses how long to keep its VM operational before terminating and relaunching it to increase its odds of success. On the other hand, the defender attempts to detect and penalize malicious VMs based on their activity in a given time window. The defender estimates a maliciousness measure for all active VMs which then modulates the likelihood of a specific VM being migrated to a different physical machine. We study the equilibrium strategies for both players for different ranges of environment parameters and show the non-existence of equilibrium with pure strategies. Subsequently, we characterize the equilibrium of the game with mixed strategies.

UR - https://www.scopus.com/pages/publications/85063447195

UR - https://www.scopus.com/pages/publications/85063447195#tab=citedBy

U2 - 10.1109/GLOCOM.2018.8647868

DO - 10.1109/GLOCOM.2018.8647868

M3 - Conference contribution

AN - SCOPUS:85063447195

T3 - 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings

BT - 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2018 IEEE Global Communications Conference, GLOBECOM 2018

Y2 - 9 December 2018 through 13 December 2018

ER -

Alhulayyil H, Khalil K, Krishnamurthy SV, Cansever D, La Porta T, Swami A. On the Detection of Adaptive Side-Channel Attackers in Cloud Environments. In 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2018. 8647868. (2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings). doi: 10.1109/GLOCOM.2018.8647868

On the Detection of Adaptive Side-Channel Attackers in Cloud Environments

Abstract

Publication series

Conference

UN SDGs

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this