Side-channel Attacks and Countermeasures in Cloud Services and Infrastructures

Cloud computing relies on the sharing of resources between users of the same physical machine, to reduce costs through optimizing and increasing utilization. However, sharing these resources may be with malicious users, which could lead to confidentiality violations through co-residency attacks. These attacks may exploit the sharing of resources such as cache memory to reveal a legitimate user's recent activities. Multiple techniques and factors can be exploited to perform side-channel attacks and other microarchitectural attacks successfully. Therefore, despite all its benefits, multi-tenancy remains a risk factor in cloud computing. Without appropriate mitigation, this security risk could become the primary concern hindering cloud adoption. This doctoral paper proposes the integrated use of three approaches to provide the necessary protection for shared virtualized systems. These approaches provide self-protection for the virtual machine (VM) on which they are used by monitoring activities within shared virtualized systems, determining the threat level of suspicious VMs, and providing periodic scanning of the virtualized system against microarchitectural attacks and viruses.