On the Detection of Adaptive Side-Channel Attackers in Cloud Environments

Hisham Alhulayyil, Karim Khalil, Srikanth V. Krishnamurthy, Derya Cansever, Thomas F. La Porta, Ananthram Swami

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Malicious coresidency is a precursor to side-channel attacks that target information leakage. In this paper, we seek to understand the interactions between a defender (the cloud service provider) who tries to detect malicious coresidency by an attacker, who in turn attempts to co-reside its VM with a victim VM on the same physical machine by exploiting the VM allocation policy employed by the cloud service provider while at the same time, trying to evade detection. The problem is modeled as a two-player game. Specifically, the attacker chooses how long to keep its VM operational before terminating and relaunching it to increase its odds of success. On the other hand, the defender attempts to detect and penalize malicious VMs based on their activity in a given time window. The defender estimates a maliciousness measure for all active VMs which then modulates the likelihood of a specific VM being migrated to a different physical machine. We study the equilibrium strategies for both players for different ranges of environment parameters and show the non-existence of equilibrium with pure strategies. Subsequently, we characterize the equilibrium of the game with mixed strategies.

Original languageEnglish (US)
Title of host publication2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538647271
DOIs
StatePublished - Jan 1 2018
Event2018 IEEE Global Communications Conference, GLOBECOM 2018 - Abu Dhabi, United Arab Emirates
Duration: Dec 9 2018Dec 13 2018

Publication series

Name2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings

Conference

Conference2018 IEEE Global Communications Conference, GLOBECOM 2018
CountryUnited Arab Emirates
CityAbu Dhabi
Period12/9/1812/13/18

Fingerprint

games
Game
Side Channel Attacks
Mixed Strategy
Odds
Time Windows
stopping
Leakage
Precursor
attack
Nonexistence
Likelihood
leakage
Choose
Target
estimates
Interaction
Estimate
Range of data
Side channel attack

All Science Journal Classification (ASJC) codes

  • Information Systems and Management
  • Renewable Energy, Sustainability and the Environment
  • Safety, Risk, Reliability and Quality
  • Signal Processing
  • Modeling and Simulation
  • Instrumentation
  • Computer Networks and Communications

Cite this

Alhulayyil, H., Khalil, K., Krishnamurthy, S. V., Cansever, D., La Porta, T. F., & Swami, A. (2018). On the Detection of Adaptive Side-Channel Attackers in Cloud Environments. In 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings [8647868] (2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/GLOCOM.2018.8647868
Alhulayyil, Hisham ; Khalil, Karim ; Krishnamurthy, Srikanth V. ; Cansever, Derya ; La Porta, Thomas F. ; Swami, Ananthram. / On the Detection of Adaptive Side-Channel Attackers in Cloud Environments. 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2018. (2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings).
@inproceedings{2cf3603d04af4d4aa12b711553234b5b,
title = "On the Detection of Adaptive Side-Channel Attackers in Cloud Environments",
abstract = "Malicious coresidency is a precursor to side-channel attacks that target information leakage. In this paper, we seek to understand the interactions between a defender (the cloud service provider) who tries to detect malicious coresidency by an attacker, who in turn attempts to co-reside its VM with a victim VM on the same physical machine by exploiting the VM allocation policy employed by the cloud service provider while at the same time, trying to evade detection. The problem is modeled as a two-player game. Specifically, the attacker chooses how long to keep its VM operational before terminating and relaunching it to increase its odds of success. On the other hand, the defender attempts to detect and penalize malicious VMs based on their activity in a given time window. The defender estimates a maliciousness measure for all active VMs which then modulates the likelihood of a specific VM being migrated to a different physical machine. We study the equilibrium strategies for both players for different ranges of environment parameters and show the non-existence of equilibrium with pure strategies. Subsequently, we characterize the equilibrium of the game with mixed strategies.",
author = "Hisham Alhulayyil and Karim Khalil and Krishnamurthy, {Srikanth V.} and Derya Cansever and {La Porta}, {Thomas F.} and Ananthram Swami",
year = "2018",
month = "1",
day = "1",
doi = "10.1109/GLOCOM.2018.8647868",
language = "English (US)",
series = "2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
booktitle = "2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings",
address = "United States",

}

Alhulayyil, H, Khalil, K, Krishnamurthy, SV, Cansever, D, La Porta, TF & Swami, A 2018, On the Detection of Adaptive Side-Channel Attackers in Cloud Environments. in 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings., 8647868, 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings, Institute of Electrical and Electronics Engineers Inc., 2018 IEEE Global Communications Conference, GLOBECOM 2018, Abu Dhabi, United Arab Emirates, 12/9/18. https://doi.org/10.1109/GLOCOM.2018.8647868

On the Detection of Adaptive Side-Channel Attackers in Cloud Environments. / Alhulayyil, Hisham; Khalil, Karim; Krishnamurthy, Srikanth V.; Cansever, Derya; La Porta, Thomas F.; Swami, Ananthram.

2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2018. 8647868 (2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - On the Detection of Adaptive Side-Channel Attackers in Cloud Environments

AU - Alhulayyil, Hisham

AU - Khalil, Karim

AU - Krishnamurthy, Srikanth V.

AU - Cansever, Derya

AU - La Porta, Thomas F.

AU - Swami, Ananthram

PY - 2018/1/1

Y1 - 2018/1/1

N2 - Malicious coresidency is a precursor to side-channel attacks that target information leakage. In this paper, we seek to understand the interactions between a defender (the cloud service provider) who tries to detect malicious coresidency by an attacker, who in turn attempts to co-reside its VM with a victim VM on the same physical machine by exploiting the VM allocation policy employed by the cloud service provider while at the same time, trying to evade detection. The problem is modeled as a two-player game. Specifically, the attacker chooses how long to keep its VM operational before terminating and relaunching it to increase its odds of success. On the other hand, the defender attempts to detect and penalize malicious VMs based on their activity in a given time window. The defender estimates a maliciousness measure for all active VMs which then modulates the likelihood of a specific VM being migrated to a different physical machine. We study the equilibrium strategies for both players for different ranges of environment parameters and show the non-existence of equilibrium with pure strategies. Subsequently, we characterize the equilibrium of the game with mixed strategies.

AB - Malicious coresidency is a precursor to side-channel attacks that target information leakage. In this paper, we seek to understand the interactions between a defender (the cloud service provider) who tries to detect malicious coresidency by an attacker, who in turn attempts to co-reside its VM with a victim VM on the same physical machine by exploiting the VM allocation policy employed by the cloud service provider while at the same time, trying to evade detection. The problem is modeled as a two-player game. Specifically, the attacker chooses how long to keep its VM operational before terminating and relaunching it to increase its odds of success. On the other hand, the defender attempts to detect and penalize malicious VMs based on their activity in a given time window. The defender estimates a maliciousness measure for all active VMs which then modulates the likelihood of a specific VM being migrated to a different physical machine. We study the equilibrium strategies for both players for different ranges of environment parameters and show the non-existence of equilibrium with pure strategies. Subsequently, we characterize the equilibrium of the game with mixed strategies.

UR - http://www.scopus.com/inward/record.url?scp=85063447195&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85063447195&partnerID=8YFLogxK

U2 - 10.1109/GLOCOM.2018.8647868

DO - 10.1109/GLOCOM.2018.8647868

M3 - Conference contribution

AN - SCOPUS:85063447195

T3 - 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings

BT - 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Alhulayyil H, Khalil K, Krishnamurthy SV, Cansever D, La Porta TF, Swami A. On the Detection of Adaptive Side-Channel Attackers in Cloud Environments. In 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2018. 8647868. (2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings). https://doi.org/10.1109/GLOCOM.2018.8647868