A LLC-based DoS Attack Technique on Virtualization System with Detection and Prevention Model

  • Neha Pimpalkar, Abraham Jibi
  • Published 2018
  • Computer Science
  • 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI)
Businesses have observed a paradigm shift from traditional computing models to “pay as you use” Cloud Computing model. Major Cloud Service Providers (CSPs) like Amazon AWS and Microsoft Azure use virtualization technologies to provide users with Virtual Machines (VM) as they require for the computations. Many VMs unknown to each other are colocated on the same physical machine to maximize resource utilization. However, this poses a serious threat to the security of cloud users. Recent research…
1 Citation
Effective Cache Apportioning for Performance Isolation Under Compiler Guidance
The proposed ComCAS is a compiler guided cache apportioning system that provides smart cache allocation to co-executing applications in a system that improved average throughput by 21%, with a maximum of 54% while maintaining the worst individual application execution time degradation within 15% to meet SLA requirements.


Virtual machine allocation policies against co-resident attacks in cloud computing
A new strategy is introduced that effectively decreases the probability of attackers achieving co-residence in virtual machines allocation policies and can be easily integrated into existing cloud platforms to mitigate the threat of co-resident attacks.
Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring
It is shown that stealing crypto keys in a virtualized cloud may be a real threat by evaluating a cache-based side-channel attack against an encryption process and proposing an approach that leverages dynamic cache coloring: when an application is doing security-sensitive operations, the VMM is notified to swap the associated data to a safe and isolated cache line.
S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES
A fine-grain cross-core cache attack that exploits access time variations on the last level cache and can be customized to work virtually at any cache level/size is introduced.
CATalyst: Defeating last-level cache side channel attacks in cloud computing
  • F. Liu, Qian Ge, +4 authors Ruby B. Lee
  • Computer Science
  • 2016 IEEE International Symposium on High Performance Computer Architecture (HPCA)
  • 2016
CATalyst, a pseudo-locking mechanism which uses CAT to partition the LLC into a hybrid hardware-software managed cache, is presented, and it is shown that LLC side channel attacks can be defeated.
Detecting co-residency with active traffic analysis techniques
Co-resident watermarking is presented, a traffic analysis attack that allows a malicious co-resident VM to inject a watermark signature into the network flow of a target instance, demonstrating the need for the careful design of hardware to be used in the cloud.
A Placement Vulnerability Study in Multi-Tenant Public Clouds
It is found that it is much easier and cheaper to achieve co-location in these three clouds when compared to a secure reference placement policy, and new co-residence tests and multiple customer accounts are used to launch VM instances under different strategies that seek to maximize the likelihood of co-residency.
Adaptive detection technique for Cache-based Side Channel Attack using Bloom Filter for secure cloud
This technique is adaptive, which makes it possible to detect CSCAs with new patterns that have not yet been observed, and it has a much shorter execution time than the CSCA.
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
It is shown that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target, and how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine.
Handling Co-Resident Attacks: A Case for Cost-Efficient Dedicated Resource Provisioning
  • T. Duong, Neha Pimpalkar
  • Computer Science
  • 2018 IEEE 11th International Conference on Cloud Computing (CLOUD)
  • 2018
To the best of the authors' knowledge, this work is the first to consider secure and cost-effective VM provisioning from the user perspective and leverages existing secure resource allocation methods provided by public cloud providers such as EC2 Dedicated Instances.
A Secure Virtual Machine Deployment Strategy to Reduce Co-residency in Cloud
This paper proposes a co-residency-resistant VM deployment strategy, defines four thresholds to adjust the strategy for security and load balancing, and implements the strategy, running experiments on both OpenStack and CloudSim.