![](/images/graphics-bg.png)
Leveraging KVM Events to Detect Cache-Based Side Channel Attacks in a Virtualization Environment
Joint Authors
Paundu, Ady Wahyudi
Fall, Doudou
Miyamoto, Daisuke
Kadobayashi, Youki
Source
Security and Communication Networks
Issue
Vol. 2018, Issue 2018 (31 Dec. 2018), pp.1-18, 18 p.
Publisher
Hindawi Publishing Corporation
Publication Date
2018-02-25
Country of Publication
Egypt
No. of Pages
18
Main Subjects
Information Technology and Computer Science
Abstract EN
Cache-based side channel attack (CSCa) techniques in virtualization systems are becoming more advanced, while defense methods against them are still perceived as nonpractical.
The most recent CSCa variant called Flush + Flush has showed that the current detection methods can be easily bypassed.
Within this work, we introduce a novel monitoring approach to detect CSCa operations inside a virtualization environment.
We utilize the Kernel Virtual Machine (KVM) event data in the kernel and process this data using a machine learning technique to identify any CSCa operation in the guest Virtual Machine (VM).
We evaluate our approach using Receiver Operating Characteristic (ROC) diagram of multiple attack and benign operation scenarios.
Our method successfully separate the CSCa datasets from the non-CSCa datasets, on both trained and nontrained data scenarios.
The successful classification also include the Flush + Flush attack scenario.
We are also able to explain the classification results by extracting the set of most important features that separate both classes using their Fisher scores and show that our monitoring approach can work to detect CSCa in general.
Finally, we evaluate the overhead impact of our CSCa monitoring method and show that it has a negligible computation overhead on the host and the guest VM.
American Psychological Association (APA)
Paundu, Ady Wahyudi& Fall, Doudou& Miyamoto, Daisuke& Kadobayashi, Youki. 2018. Leveraging KVM Events to Detect Cache-Based Side Channel Attacks in a Virtualization Environment. Security and Communication Networks،Vol. 2018, no. 2018, pp.1-18.
https://search.emarefa.net/detail/BIM-1214123
Modern Language Association (MLA)
Paundu, Ady Wahyudi…[et al.]. Leveraging KVM Events to Detect Cache-Based Side Channel Attacks in a Virtualization Environment. Security and Communication Networks No. 2018 (2018), pp.1-18.
https://search.emarefa.net/detail/BIM-1214123
American Medical Association (AMA)
Paundu, Ady Wahyudi& Fall, Doudou& Miyamoto, Daisuke& Kadobayashi, Youki. Leveraging KVM Events to Detect Cache-Based Side Channel Attacks in a Virtualization Environment. Security and Communication Networks. 2018. Vol. 2018, no. 2018, pp.1-18.
https://search.emarefa.net/detail/BIM-1214123
Data Type
Journal Articles
Language
English
Notes
Includes bibliographical references
Record ID
BIM-1214123