Detecting VMs Co-residency in Cloud: Using Cache-based Side Channel Attacks

Virtual machine technology enables the cloud to offer large scale and flexible computing ability. However, it also introduces a range of new vulnerabilities. Malicious users can extract sensitive information from other users covertly via side channel attacks, which breaks the isolation between the co-resident virtual machines (VMs). In this paper, we investigate such a security threat and propose the VMs Co-residency Detection Scheme via cache-based side channel attacks (VCDS) to get the location of the specified VM. Using load preprocessor based on cubic spline interpolation, VCDS makes the raw measurements more smoothing and relevant. With the load predictor based on linear regression model, VCDS probe cache load changes produced by the victim VM more accurately and effectively. Based on the normal cloud model, VCDS computes the co-residency probability to describe VMs co-residency quantitatively. The experimental results show that VCDS improves the true detection rate effectively even with an interference of the co-resident noisy VM compared to the existing schemes. DOI: http://dx.doi.org/10.5755/j01.eee.19.5.2422