Efficient Identification of Applications in Co-resident VMs via a Memory Side-Channel - ICT Systems Security and Privacy Protection Access content directly
Conference Papers Year : 2018

Efficient Identification of Applications in Co-resident VMs via a Memory Side-Channel

Jens Lindemann
  • Function : Author
  • PersonId : 1042921
Mathias Fischer
  • Function : Author
  • PersonId : 1042922

Abstract

Memory deduplication opens a side-channel that enables attackers to detect if there is a second copy of a memory page on a host their Virtual Machine (VM) is running on, and thus to gain information about co-resident VMs. In former work, we presented a practical side-channel attack that can even detect which specific versions of applications are being executed in co-resident VMs. In this paper, we enhance this attack by testing for representative groups of pages for certain groups of application versions, so-called page signatures, instead of testing for a single application version only. As a result, our new attack is significantly more efficient. Our results indicate that the attack duration can be reduced from several hours to minutes at the cost of a small loss in precision only.
Fichier principal
Vignette du fichier
472722_1_En_18_Chapter.pdf (385.21 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-02023744 , version 1 (21-02-2019)

Licence

Attribution

Identifiers

Cite

Jens Lindemann, Mathias Fischer. Efficient Identification of Applications in Co-resident VMs via a Memory Side-Channel. 33th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2018, Poznan, Poland. pp.245-259, ⟨10.1007/978-3-319-99828-2_18⟩. ⟨hal-02023744⟩
74 View
61 Download

Altmetric

Share

Gmail Facebook X LinkedIn More