Open Access  Subscription Access

Information leakage introduced by side channel attacks (SCA) has become a serious threat to the cloud. Using SCA, malicious users can steal private information from other virtual machines by analyzing third party distinct resource-contention responses. To the best of our knowledge, the investigation in detecting SCA in the cloud is very limited. In this paper, we introduce a novel approach for detecting cache-based side channel attacks, named SideDetector, based on the observation that the creation of a side channel has certain effects on the resource utilization in both the host machines and virtual machines. First, exploring this observation, we analyze the attack features from both the hosts and guests and propose four detection metrics. Second, we investigate the use of cascade detection mode, which consists of the stage of host detection and guest detection. Third, shape tests and regularity tests are used to calculate the detection metrics, and pattern recognition techniques are used to indicate the attacks. Finally, we conduct a series of experiments to evaluate the SideDetector. The experimental results show that SideDetector is capable of detecting the cache-based side channel attacks in the cloud effectively.

Cloud computing; Virtualization; Information security; Side channel attacks; Attack detection