ConfMVM: A Hardware-Assisted Model to Confine Malicious VMs


1 ConfMVM: A Hardware-Assisted Model to Confine Malicious VMs
Zirak Allaf

2 Contents
- What is Side Channel Attack?
- Background
- Detection System Overview
- Methodology
- Results and Discussion
- Conclusion and Future works

3 1. What is Side Channel Attack
Is the action of stealing information by exploiting h/s vulnerabilities to provide unauthorised communication between two entities in shared systems
The Attack Characteristics:
- Such attacks do not require any privileges
- CPU cycles were the original key factors in both attack and countermeasures
There are two main attack techniques:
- Flush+Reload
- Prime+Probe

4 Flush+Reload
[Diagram: main memory (page 1, page 2, page 3 ... page n, with a shared area to store the AES look-up table), the LLC cache (set 1, set 2, set 3 ... set n), and processor core i with its L1 and L2 caches, labelled Attacker and Victim.]
Parameters: n=3000, threshold
Victim: loop (1 to n) AESEncrypt() end loop
Attacker: loop (0 to 255, step 16); loop (add = start p2 to end p2) ... end loop
Steps shown on set 3: access(add), flush(add), wait(), then if time(add) < threshold: accessed by victim, else: not accessed

5 3. Detection System Overview

6 4. Methodology
Standard Performance Evaluation Corporation (SPEC)
- It is designed to provide performance measurement which can be used to compute sensitive workloads on different computer systems.
- The SPEC benchmark suite includes 29 applications which are written in C, C++ and Fortran
- There are two types:
  - SPECint 2006: 12 applications (bzip2, gcc)
  - SPECfp 2006: 17 applications (bwaves, dealII)
Hardware Performance Counters (HPCs)
- Events
- Model Specific Registers (MSR)
- Kernel privilege
- There are two types of PMC:
  - Three fixed function registers (core cycles, reference cycles and core instructions)
  - Four programmable events (e.g. L3 misses, branch predictions)

7 4. Methodology (cont'd)
Hardware and Software Specifications
- HP Proliant DL360 G7
- Intel's Xeon X GHz
- 16 GB RAM
- Ubuntu 14.04
K-Nearest Neighbors (k-NN)
- Instance-based algorithm
- Hamming measurements: $D_H = \sum_{i=0}^{k} |x - y|$

8 4. Methodology (cont'd)
- Data collection: processor core-based profiling
- Preprocessing: window size = 0.2 µp
- Data aggregation
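
An added example, not taken from the presentation: a minimal k-NN detector over aggregated counter windows, using the sum-of-absolute-differences distance given on slide 7. The event names, the counter values and the samples-per-window setting are constructed assumptions for illustration.

```python
from collections import Counter

def aggregate(samples, per_window):
    """Sum consecutive per-interval counter samples into one vector per window.
    A trailing, incomplete window is dropped."""
    windows = []
    for start in range(0, len(samples) - per_window + 1, per_window):
        chunk = samples[start:start + per_window]
        windows.append(tuple(sum(col) for col in zip(*chunk)))
    return windows

def distance(x, y):
    """Sum of absolute per-feature differences (the slide's D_H)."""
    return sum(abs(a - b) for a, b in zip(x, y))

def knn_classify(train, query, k=3):
    """Label `query` by majority vote among its k nearest training windows."""
    nearest = sorted(train, key=lambda item: distance(item[0], query))[:k]
    votes = Counter(label for _, label in nearest)
    return votes.most_common(1)[0][0]

# Constructed per-interval samples for one core: (l3_misses, branches, instructions).
# Assumption: a flush/reload loop shows many L3 misses and few retired instructions.
BENIGN_RAW = [(12, 40, 900), (15, 38, 950), (10, 42, 880),
              (14, 41, 910), (11, 39, 930), (13, 43, 905)]
ATTACK_RAW = [(210, 8, 300), (190, 10, 320), (205, 9, 310),
              (220, 7, 290), (198, 11, 305), (215, 8, 295)]

def build_training_set(per_window=2):
    """Aggregate the labelled raw samples into labelled training windows."""
    train = [(w, "benign") for w in aggregate(BENIGN_RAW, per_window)]
    train += [(w, "attack") for w in aggregate(ATTACK_RAW, per_window)]
    return train

def classify_stream(raw, per_window=2, k=3):
    """Window an unlabelled sample stream and classify each window."""
    train = build_training_set(per_window)
    return [knn_classify(train, w, k) for w in aggregate(raw, per_window)]

if __name__ == "__main__":
    # Constructed stream: two attack-like intervals, then two benign-like ones.
    stream = [(200, 9, 300), (207, 10, 315), (13, 40, 920), (12, 41, 900)]
    print(classify_stream(stream))
```

With raw counts the instruction counter dominates the distance, so a real deployment would normalise each event before voting.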

9 5. Results The distribution of ROC curves in native system

10 5. Results (cont'd) The distribution of ROC curves in cloud system

11 6. Conclusion and Future works
- The detection system of side channel attacks classification
- Hardware Performance Counter (HPCs)
- host system events relevant to a Flush+Reload attack
- 99% and 96% respectively under SPEC CPU2006 workloads
Limitation and Future Work
- detect techniques such as Prime+Probe due to the behaviour of the malicious loop inside the program

12 Spinnaker Tower End slide

13 Questions

