Home > Research > Publications & Outputs > Protecting Cloud-Based CIs

Links

Text available via DOI:

View graph of relations

Protecting Cloud-Based CIs: Covert Channel Vulnerabilities at the Resource Level

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNChapter

Published
  • T. Vateva-Gurova
  • S. Manzoor
  • R. Trapero
  • Neeraj Suri
  • Marin Tordera E.
  • Fournaris A.P. (Editor)
  • Lampropoulos K.
Close
Publication date30/01/2019
Host publicationInformation and Operational Technology Security Systems: First International Workshop, IOSec 2018, CIPSEC Project, Heraklion, Crete, Greece, September 13, 2018, Revised Selected Papers
PublisherSpringer-Verlag
Pages27-38
Number of pages12
Volume11398 LNCS
ISBN (Print)9783030120849
<mark>Original language</mark>English

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11398 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Abstract

Critical Infrastructures (CIs) increasingly leverage Cloud computing given its benefits of on-demand scalability, high availability and cost efficiency. However, the Cloud is typically characterized by the co-location of users from varied security domains that also use shared computing resources. This introduces a number of resource/architecture-level vulnerabilities. For example, the usage of a basic shared storage component, such as a memory cache, can expose the entire Cloud system to security risks such as covert-channel attacks. The success of these exploits depends on various execution environment properties. Thus, providing means to assess the feasibility of these attacks in a specific execution environment and enabling postmortem analysis is needed. While attacks at the architectural level represent a potent vulnerability to exfiltrate information, the low-level often get neglected with techniques such as intrusion detection focused more on the high-level network/middleware threats. Interestingly, cache-based covert-channel attacks are typically not detectable by traditional intrusion detection systems as covert channels do not obey any access rights or other security policies. This paper focuses on the information provided at the low architectural level to cope with the cache-based covert-channel threat. We propose the usage of feasibility metrics collected at the low level to monitor the core-private cache covert channel and, infer information regarding the probability of a covert-channel exploit happening. We also illustrate the applicability of the proposed feasibility metrics in a use case.