A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit <a rel="external noopener" href="http://www.jcomputers.us/vol9/jcp0904-30.pdf">the original URL</a>. The file type is <code>application/pdf</code>.
<i title="International Academy Publishing (IAP)">
<a target="_blank" rel="noopener" href="https://fatcat.wiki/container/3uo3zcmrgvgspdzqe6w6sjoezq" style="color: black;">Journal of Computers</a>
Virtualization is a key enabling technology in cloud computing. Multiple tenants can share computing resource of cloud provider on demand. While sharing can reduce the expenses of computing, it brings security vulnerability as well since the isolation between different VMs could be violated through side-channel attacks. Recent researches point out that by leveraging memory bus contention, two colluded malware within different VMs (but on the same host) may use diversity of memory access latency<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.4304/jcp.9.4.1005-1013">doi:10.4304/jcp.9.4.1005-1013</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/3we7r7vi3vbu3h3umwr3krlawm">fatcat:3we7r7vi3vbu3h3umwr3krlawm</a> </span>
more »... as a covert channel to deliver security critical information, such as user passwords or credit card numbers, which can bypass access control policies enforced by the guest OS or even the hypervisor. The bandwidth of such covert channel could be up to hundreds of kilobytes per second, which is fast enough to transfer large data objects. In this paper we propose a covert channel aware scheduler that considers security as first class to mitigate such sidechannel attack. The scheduler is able to control the execution time overlapping of different VMs, and can also inject noise periodically to mitigate the threat of potential side channels. We have built a prototype of the proposed scheduler that enables overlapping control and noise injection. The performance evaluations show that the overhead introduced is acceptable. Meanwhile, the new scheduler offers the user to dynamically configure scheduling parameters to adapt to diverse circumstances, in order to make a balance between performance and security.
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20170810151243/http://www.jcomputers.us/vol9/jcp0904-30.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/47/7c/477c42b30f6a4c442ae0514c792d774a4e5f41dc.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.4304/jcp.9.4.1005-1013"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="unlock alternate icon" style="background-color: #fb971f;"></i> Publisher / doi.org </button> </a>