
Research on Cross-VM Side Channel Attack, Detection and Defense in Cloud Environment

Posted on: 2019-02-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W J Liu
Full Text: PDF
GTID: 1368330545499822
Subject: Information security
Abstract/Summary:
It has been a decade since the concept of cloud computing was proposed. Worldwide commercial cloud computing has entered a period of vigorous development, and cloud computing is increasingly regarded as the IT infrastructure for storing data and deploying services. However, because of its multi-tenant dynamic aggregation and decentralized boundaries, a cloud computing platform is inherently hard-pressed to resist the security threats that arise from sharing computing resources between virtual machines (VMs). Among these, cross-VM side-channel threats are the first to bear the brunt of a co-located attacker. The "virtual isolation but physical coexistence" of the cloud allows virtual machines on the same physical host to share most of its resources, so a malicious virtual machine can break data confidentiality and resource availability, causing serious security problems that harm large-scale business users and ordinary cloud tenants alike. This thesis focuses on protecting virtual machines from timing-based side-channel attacks on the cloud platform and elaborates the related research background and basic knowledge. Aiming at cross-VM side-channel attacks, the thesis studies VM co-residency in a commercial cloud platform to guide later avoidance; uses hardware-assisted virtualization technology and an event correlation algorithm to detect the presence of timing covert channels; takes advantage of virtual machine introspection and CPU hardware features to locate side-channel threats; and finally leverages CPU hardware features to build a dynamic time-blurring system for side-channel defense. The specific contents include:

(1) Construction and optimization schemes for side channels in the cloud are proposed. Side channels based on the microprocessor architecture are very common in multi-user computer systems. However, in a noisy production cloud environment only one branch of side channel survives: the timing-based side channel. Virtual machine migration, vCPU scheduling and hypervisor activity add a lot of noise to this "only" timing-based side channel and pose challenges to channel construction and precise synchronization. This thesis studies two typical cross-VM timing channels, the last-level cache (LLC) based channel and the memory-bus contention based channel, and gives a series of construction and optimization schemes. These schemes overcome the difficulties of channel construction in virtualized environments, make full use of the characteristics of the channel carrier, greatly improve the accuracy of channel transmission, and can be adopted for attacks in a real cloud environment.

(2) A comprehensive VM co-residency scheme is proposed. As the proverb goes, a workman who wants to do good work must first sharpen his tools: an attacker who intends to attack a cloud computing platform must first get the attacker VM co-located with the target VM. Through an in-depth study of a commercial cloud's business strategy and service agreements and a series of experiments, the thesis probes its internal deployment structure and proposes an automatic VM flooding scheme based on posterior probability. With this scheme the probability that the target VM has been placed on each physical host can be obtained, which reduces the experimental cost and overhead of the attack and provides theoretical guidance for the attacker's next step. The co-residency method, combining a covert-channel detection method with the automated VM flooding strategy, was carried out successfully in the commercial cloud. Its false-positive rate is no more than 0.5%, it is robust and low-cost, and as a typical malicious behavior against the cloud platform it urgently deserves the attention of the major cloud service providers.

(3) A universal covert-channel detection method based on the idea of resource sharing is proposed. Covert channels are an important threat to information security systems and are common in operating systems; those in a cloud computing environment are more diverse and harder to find. This thesis therefore builds a general detection model that can detect hidden side channels at both the system level and the process level. From the two-way relationships between the clock, the event and the covert channel, it is clear that an event possesses the ability to transmit secret information, so event correlation analysis is an intrinsically effective approach to covert-channel detection. The proposed scheme targets the potential covert-channel threat in the cloud environment, fully considers the differences between a virtualized architecture and an ordinary computing environment, explores the characteristics of covert channels through an event recording mechanism, and traverses the possible results with the shared resource matrix method. An analysis based on event logs and security profiles is presented that fits today's cloud computing and data center environments. In the information collection stage the scheme uses a penetrating physical security configuration scanning method to collect the necessary event logs and security policies, so the cloud provider need not worry about state-space explosion. It also improves the original shared resource matrix method by pre-processing the event log and security configuration file, reducing the cost of building the shared resource matrix. Experiments designed around the actual application scenario are compared with existing methods to verify the advantages of the proposed scheme.

(4) A side-channel threat localization scheme is proposed. To overcome the shortage of cross-VM side-channel localization methods and the inaccuracy of existing threat localization technologies, this thesis designs a framework based on hardware features and VM introspection to detect and locate cross-VM side-channel attacks. Modern CPUs contain many hardware features for performance analysis, which are used here to learn about a number of side-channel threats. By measuring their overheads in several dimensions (such as cache hits, branch transfers and run time), different side channels are analyzed multi-dimensionally and different strategies are customized for signature-based detection. At the same time, by introducing the accurate address information of the Last Branch Record (LBR) together with virtual machine introspection, the scheme can obtain and semantically translate the metadata of a side-channel threat. On this basis, combined with binary memory analysis, it restores the traceability and the accurate address of the side-channel threat with minimal prior knowledge. The scheme combines detection and localization and uses the hypervisor's existing information transmission mechanism to construct a fast channel for information analysis and distribution, which solves the challenge of gathering information from virtual machines in a cloud environment. As far as possible, the prototype system integrates virtual machine introspection tools and memory analysis tools with the existing architecture to find the key malicious code in memory quickly and transparently. The solution is the first to address locating side-channel attacks inside virtual machines and helps with virtual machine auditing.

(5) A side-channel defense scheme is proposed. With the advent of new cross-VM side channels, researchers have come up with targeted mitigations, such as padding the run time of sensitive operations randomly, to a fixed length, or to a multiple of a fixed quantum. However, existing mitigations introduce a lot of deliberate delay and require cloud tenants to suffer this performance loss permanently. Another line of research eliminates fine-grained clock sources at the hypervisor layer. On the one hand, these methods tamper with the clock and affect the operation of many time-sensitive applications; on the other hand, changing the system clock for a long time has a large impact on system performance. This thesis proposes a side-channel protection approach that allows virtual machines to request fuzzy clock sources dynamically. It uses hardware virtualization extensions to devise a lightweight and effective method for overall side-channel protection. RDTSC instruction interception, provided by Intel VT-x, emulates a virtual clock source that is handed to the guest. Moreover, it overloads the VMFUNC instruction interface in a novel way so that applications inside a virtual machine can send on-demand requests to the hypervisor to obscure "just enough" of the lowest n bits of the TSC, which prevents other, malicious virtual machines from measuring time accurately. The approach is general and highly available. The thesis demonstrates the defensive effect of this scheme on multiple covert channels and gives the extent to which the TSC values of guest VMs should be obscured in these attack scenarios. In terms of performance, experiments on three different workloads show that the proposed scheme has a tiny overhead for cryptographic applications, and on the Web-server workload most common in cloud environments it has lower performance overhead than existing defenses.

In summary, this thesis systematically studies new threats in the cloud environment from the aspects of attack, detection and defense, and makes innovative contributions on both the offensive and the defensive side. Combining CPU hardware features with virtualization technology, and taking generality and transparency as the starting point, it proposes several cross-VM side-channel detection, localization and defense schemes that provide new ideas for solving this problem. The work further enriches and advances research on cloud computing security and virtualization security, and is of great significance for enhancing the security of cloud platforms.
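The VM flooding step in contribution (2) is steered by a posterior over where the target sits. The following Python is an added illustration of that idea, not the thesis's own code or model: it assumes the target VM lies in exactly one of several placement zones, that each flooding round launches n probe VMs into one zone and runs a covert-channel co-residency test on each, and that the test's false-positive rate is the 0.5% figure from the abstract. The true-positive rate TP, the per-probe chance Q of landing on the target's host, the zone names and the round results are all constructed.

```python
"""Posterior-guided VM flooding for co-residency.

Added illustration, not the thesis's own code or model.  Hypothetical setting:
the target VM sits in exactly one of several placement zones of a cloud; the
attacker floods one zone with n probe VMs per round and runs a covert-channel
co-residency test on every probe.  FP is the 0.5% false-positive rate reported
in the abstract; TP and Q are assumptions.
"""
from math import comb

FP = 0.005   # false-positive rate of the co-residency test (abstract: <= 0.5%)
TP = 0.90    # assumed true-positive rate when a probe shares the target's host
Q = 1 / 8    # assumed chance that a probe in the right zone lands on the target's host


def positive_rate(target_here):
    """Probability that a single probe tests positive in a zone."""
    if target_here:
        return Q * TP + (1 - Q) * FP
    return FP


def likelihood(k, n, target_here):
    """Binomial likelihood of k positives out of n probes."""
    p = positive_rate(target_here)
    return comb(n, k) * p ** k * (1 - p) ** (n - k)


def update(posterior, zone, n, k):
    """Bayesian update after flooding `zone` with n probes and seeing k positives."""
    unnormalised = {z: prior * likelihood(k, n, z == zone)
                    for z, prior in posterior.items()}
    total = sum(unnormalised.values())
    return {z: v / total for z, v in unnormalised.items()}


def next_zone(posterior):
    """Greedy planning: flood the zone the posterior currently favours."""
    return max(posterior, key=posterior.get)


def run_campaign(zones, observations, threshold=0.95):
    """Replay constructed rounds (zone, probes launched, positives seen) and stop
    as soon as one zone reaches the confidence threshold."""
    posterior = {z: 1 / len(zones) for z in zones}
    for zone, n, k in observations:
        posterior = update(posterior, zone, n, k)
        best = next_zone(posterior)
        if posterior[best] >= threshold:
            break
    return next_zone(posterior), posterior


if __name__ == "__main__":
    # Constructed results: zone A gives nothing, zone B gives 2 hits out of 10.
    rounds = [("A", 10, 0), ("B", 10, 2)]
    best, post = run_campaign(["A", "B", "C"], rounds)
    print("flood next:", best, {z: round(p, 4) for z, p in post.items()})
```

With these numbers a round of ten probes that all test negative divides a zone's posterior by roughly ten, while two positives out of ten multiply it by roughly sixty, which is why the campaign stops after two rounds instead of flooding every zone; the stopping threshold is the knob that trades probe cost against confidence.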
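Contribution (3) traverses event logs and security profiles with the shared resource matrix method. The Python below is an added example of that method, not the thesis's tool: it builds a small matrix of shared hypervisor resource attributes against guest-invocable operations, applies Kemmerer's transitive closure (an operation that reads attribute a and modifies attribute b leaks a into every operation that reads b), and flags any attribute one tenant can modify and a different tenant can read. The attribute and operation names, the cell entries and the tenant profile are all constructed.

```python
"""Shared Resource Matrix (SRM) analysis for cross-VM covert channels.

Added example, not the thesis's tool.  Rows are attributes of resources the
hypervisor shares between guests, columns are guest-invocable operations, and
cells hold 'R' (reads) or 'M' (modifies).  A constructed security profile lists
which tenant may invoke which operation.  After the transitive closure, an
attribute that one tenant can modify and another tenant can read, directly or
indirectly, is reported as a potential covert channel.  All names are hypothetical.
"""

# Constructed matrix: attribute -> {operation: set of flags}
MATRIX = {
    "llc_set_occupancy":  {"fill_cache_set": {"M"}, "time_cache_set": {"R"}},
    "host_free_pages":    {"alloc_guest_memory": {"M"}, "balloon_inflate": {"R"}},
    "guest_balloon_size": {"balloon_inflate": {"M"}, "query_balloon": {"R"}},
    "own_vcpu_count":     {"query_vcpus": {"R"}},
}

# Constructed security profile: tenant -> operations it may invoke
PROFILE = {
    "tenant_a": {"fill_cache_set", "alloc_guest_memory", "query_vcpus"},
    "tenant_b": {"time_cache_set", "balloon_inflate", "query_balloon", "query_vcpus"},
}

READ = {"R", "r"}   # 'r' marks an indirect read added by the closure


def transitive_closure(matrix):
    """If operation P reads a and modifies b, then any operation Q that reads b
    also (indirectly) reads a.  Repeat until no new cell is added."""
    m = {attr: {op: set(flags) for op, flags in cells.items()}
         for attr, cells in matrix.items()}
    ops = {op for cells in m.values() for op in cells}
    changed = True
    while changed:
        changed = False
        for p in ops:
            reads_a = [a for a in m if m[a].get(p, set()) & READ]
            mods_b = [b for b in m if "M" in m[b].get(p, set())]
            for b in mods_b:
                for q in ops:
                    if not (m[b].get(q, set()) & READ):
                        continue
                    for a in reads_a:
                        if not (m[a].get(q, set()) & READ):
                            m[a].setdefault(q, set()).add("r")
                            changed = True
    return m


def tenants_of(op, profile):
    """Tenants whose security profile allows them to invoke `op`."""
    return sorted(t for t, allowed in profile.items() if op in allowed)


def find_channels(matrix, profile):
    """Report (attribute, writer tenant, write op, reader tenant, read op, kind)."""
    closed = transitive_closure(matrix)
    findings = []
    for attr, cells in sorted(closed.items()):
        writers = [(t, op) for op, flags in cells.items() if "M" in flags
                   for t in tenants_of(op, profile)]
        readers = [(t, op) for op, flags in cells.items() if flags & READ
                   for t in tenants_of(op, profile)]
        for wt, wop in writers:
            for rt, rop in readers:
                if wt == rt:
                    continue     # same tenant: no cross-tenant flow
                kind = "direct" if "R" in cells[rop] else "indirect"
                findings.append((attr, wt, wop, rt, rop, kind))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_channels(MATRIX, PROFILE):
        print("potential covert channel:", finding)
```

On the constructed input the LLC attribute is a direct channel from tenant_a to tenant_b, and host_free_pages is reported twice: once directly through balloon_inflate and once indirectly through query_balloon, which the closure discovers because balloon_inflate copies host_free_pages into guest_balloon_size. The balloon size itself is not reported, since only one tenant can touch it. Pre-processing the event log and security configuration before building the matrix, as the thesis does, matters because the closure is quadratic in the number of operations per attribute on every pass.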
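Contributions (1) and (5) are two sides of the same measurement: a cross-VM timing channel is decoded from RDTSC deltas, and the dynamic time-blurring defense works by handing the guest a virtual TSC whose lowest n bits are obscured. The following Python is an added model of both, not code from the thesis: a prime+probe style receiver thresholds the latency of one cache-set probe, and the defence replaces the low n bits of every clock read with random bits (an assumed policy; the abstract only says the bits are obscured). The hit and miss cycle counts, the jitter and the message are constructed.

```python
"""Cross-VM timing channel versus dynamic TSC blurring.

Added example, not code from the thesis.  A prime+probe style receiver times
one cache-set probe with RDTSC and decodes 1 when the probe is slow (the
sender evicted the set).  The defence modelled is a virtual RDTSC whose lowest
n bits are obscured; replacing them with random bits is an assumed policy, and
all cycle counts below are constructed.
"""
import random

HIT_CYCLES = 40     # constructed: probe latency when the set is still cached
MISS_CYCLES = 220   # constructed: probe latency after the sender evicted the set
JITTER = 12         # constructed: +/- scheduling and hypervisor noise, in cycles
THRESHOLD = (HIT_CYCLES + MISS_CYCLES) // 2   # receiver's hit/miss decision point


def blur_tsc(tsc, n, rng):
    """Virtual RDTSC: keep the high bits, replace the lowest n bits with random
    bits.  (A deployable version would also have to keep the clock monotonic.)"""
    if n == 0:
        return tsc
    mask = (1 << n) - 1
    return (tsc & ~mask) | rng.getrandbits(n)


def probe_latency(bit, rng):
    """The sender's bit decides whether the receiver's probe hits or misses."""
    base = MISS_CYCLES if bit else HIT_CYCLES
    return base + rng.randint(-JITTER, JITTER)


def receive_bit(bit, tsc, n, rng):
    """Receiver reads the (blurred) clock around one probe and thresholds it."""
    t0 = blur_tsc(tsc, n, rng)
    t1 = blur_tsc(tsc + probe_latency(bit, rng), n, rng)
    return 1 if t1 - t0 > THRESHOLD else 0


def message_bits(data):
    """Bytes to a list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bit_error_rate(bits, n, seed=1):
    """Fraction of bits decoded wrongly when the low n TSC bits are blurred."""
    rng = random.Random(seed)
    tsc = 1_000_000
    errors = 0
    for bit in bits:
        if receive_bit(bit, tsc, n, rng) != bit:
            errors += 1
        tsc += 5_000 + rng.randint(0, 1_000)   # constructed: gap between probes
    return errors / len(bits)


def min_blur_bits(gap):
    """Smallest n such that the blur span 2**n - 1 covers the latency gap between
    the slowest hit and the fastest miss, so the two classes fully overlap."""
    n = 0
    while (1 << n) - 1 < gap:
        n += 1
    return n


if __name__ == "__main__":
    bits = message_bits(b"cross-VM covert channel")
    gap = (MISS_CYCLES - JITTER) - (HIT_CYCLES + JITTER)
    print("just-enough n for this channel:", min_blur_bits(gap))
    for n in (0, 4, 8):
        print(f"blur low {n} bits -> bit error rate {bit_error_rate(bits, n):.2f}")
```

With the unblurred clock, or with only the low 4 bits blurred, every bit is decoded correctly, because the worst-case measurement error of 2 * (2**4 - 1) cycles never crosses the 130-cycle threshold; blurring 8 bits makes the hit and miss classes overlap and the error rate jumps to roughly a quarter. That is the sense of "just enough": n only has to exceed the latency gap of the channel being defended, which keeps the clock usable for other guests. Because the blur is random, a receiver that repeats each probe and averages can still recover bits at a much lower rate, so the chosen n is a cost the attacker pays rather than a proof that the channel is closed.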
Keywords/Search Tags: cloud security, cross-VM side channel, VM co-residency, event correlation, VM introspection, dynamic time blurring