Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Chapter
Publication date | 30/01/2019 |
---|---|
Host publication | Information and Operational Technology Security Systems: First International Workshop, IOSec 2018, CIPSEC Project, Heraklion, Crete, Greece, September 13, 2018, Revised Selected Papers |
Publisher | Springer-Verlag |
Pages | 27-38 |
Number of pages | 12 |
Volume | 11398 LNCS |
ISBN (print) | 9783030120849 |
<mark>Original language</mark> | English |
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 11398 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (electronic) | 1611-3349 |
Critical Infrastructures (CIs) increasingly leverage Cloud computing given its benefits of on-demand scalability, high availability and cost efficiency. However, the Cloud is typically characterized by the co-location of users from varied security domains that also use shared computing resources. This introduces a number of resource/architecture-level vulnerabilities. For example, the usage of a basic shared storage component, such as a memory cache, can expose the entire Cloud system to security risks such as covert-channel attacks. The success of these exploits depends on various execution environment properties. Thus, providing means to assess the feasibility of these attacks in a specific execution environment and enabling postmortem analysis is needed. While attacks at the architectural level represent a potent vulnerability to exfiltrate information, the low-level often get neglected with techniques such as intrusion detection focused more on the high-level network/middleware threats. Interestingly, cache-based covert-channel attacks are typically not detectable by traditional intrusion detection systems as covert channels do not obey any access rights or other security policies. This paper focuses on the information provided at the low architectural level to cope with the cache-based covert-channel threat. We propose the usage of feasibility metrics collected at the low level to monitor the core-private cache covert channel and, infer information regarding the probability of a covert-channel exploit happening. We also illustrate the applicability of the proposed feasibility metrics in a use case.