
HomeAlone: Co-residency detection in the cloud via side-channel analysis

Publication, Conference
Zhang, Y; Juels, A; Oprea, A; Reiter, MK
Published in: Proceedings - IEEE Symposium on Security and Privacy
January 1, 2011

Security is a major barrier to enterprise adoption of cloud computing. Physical co-residency with other tenants poses a particular risk, due to pervasive virtualization in the cloud. Recent research has shown how side channels in shared hardware may enable attackers to exfiltrate sensitive data across virtual machines (VMs). In view of such risks, cloud providers may promise physically isolated resources to select tenants, but a challenge remains: Tenants still need to be able to verify physical isolation of their VMs. We introduce HomeAlone, a system that lets a tenant verify its VMs' exclusive use of a physical machine. The key idea in HomeAlone is to invert the usual application of side channels. Rather than exploiting a side channel as a vector of attack, HomeAlone uses a side-channel (in the L2 memory cache) as a novel, defensive detection tool. By analyzing cache usage during periods in which "friendly" VMs coordinate to avoid portions of the cache, a tenant using HomeAlone can detect the activity of a co-resident "foe" VM. Key technical contributions of HomeAlone include classification techniques to analyze cache usage and guest operating system kernel modifications that minimize the performance impact of friendly VMs sidestepping monitored cache portions. Our implementation of HomeAlone on Xen-PVM requires no modification of existing hypervisors and no special action or cooperation by a cloud provider. © 2011 IEEE.


Published In

Proceedings - IEEE Symposium on Security and Privacy

DOI

ISSN

1081-6011

Publication Date

January 1, 2011

Start / End Page

313 / 328
 

Citation

APA: Zhang, Y., Juels, A., Oprea, A., & Reiter, M. K. (2011). HomeAlone: Co-residency detection in the cloud via side-channel analysis. In Proceedings - IEEE Symposium on Security and Privacy (pp. 313–328). https://doi.org/10.1109/SP.2011.31

Chicago: Zhang, Y., A. Juels, A. Oprea, and M. K. Reiter. “HomeAlone: Co-residency detection in the cloud via side-channel analysis.” In Proceedings - IEEE Symposium on Security and Privacy, 313–28, 2011. https://doi.org/10.1109/SP.2011.31.

ICMJE: Zhang Y, Juels A, Oprea A, Reiter MK. HomeAlone: Co-residency detection in the cloud via side-channel analysis. In: Proceedings - IEEE Symposium on Security and Privacy. 2011. p. 313–28.

MLA: Zhang, Y., et al. “HomeAlone: Co-residency detection in the cloud via side-channel analysis.” Proceedings - IEEE Symposium on Security and Privacy, 2011, pp. 313–28. Scopus, doi:10.1109/SP.2011.31.

NLM: Zhang Y, Juels A, Oprea A, Reiter MK. HomeAlone: Co-residency detection in the cloud via side-channel analysis. Proceedings - IEEE Symposium on Security and Privacy. 2011. p. 313–328.
