Stalling live migrations on the cloud

Ahmed Atya, Azeem Aqil, Karim Khalil, Zhiyun Qian, Srikanth V. Krishnamurthy, Thomas F. la Porta

Research output: Contribution to conference › Paper › peer-review

3 Scopus citations

Abstract

Live migration is commonly employed by cloud providers for performance reasons (e.g., ensuring load balancing). Recently, migration has been considered as a countermeasure against cloud-based side-channel attacks. In this paper, we discover an attack with which an adversary can effectively stall a live migration; this can not only hurt performance but also hurt the usage of virtual machine (VM) migration as a defense against cloud-based side-channel attacks. Specifically, we discover a KVM vulnerability which, if exploited by a co-resident attacker, can suspend or stall the live migration time by up to 3x in some scenarios. The attacker can also delay her own VM migration indefinitely to ensure sustained co-residency. The attacks that we propose are essentially based on increasing the volume of dirty pages and creating bus contention, which delays the migration process. We show that this approach does not cause significant interference to side-channel attacks such as the Flush+Reload attack, which the attacker can continue to carry out in parallel. In fact, the success rates of Flush+Reload can increase by about 100% (when the defender invokes migrations) if a stalling attack is simultaneously launched.

Original language: English (US)
State: Published - 2017
Event: 11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017 - Vancouver, Canada
Duration: Aug 14 2017 → Aug 15 2017

Conference

Conference: 11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017
Country/Territory: Canada
City: Vancouver
Period: 8/14/17 → 8/15/17

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Software
