{"title":"Side Channels in Multi-Tenant Environments","authors":"M. Reiter","doi":"10.1145/2808425.2808426","DOIUrl":null,"url":null,"abstract":"Due to the massive adoption of computing platforms that consolidate potentially distrustful tenants' applications on common hardware---both large (public clouds) and small (smartphones)---the security provided by these platforms to their tenants is increasingly being scrutinized. In this talk we review highlights from the last several years of research on a long-suspected but, until recently, largely hypothetical attack vector on such platforms, namely side-channel attacks. In these attacks, one tenant learns sensitive information about another tenant simply by running on the same hardware with it, but without violating the logical access control enforced by the platform's isolation software (virtual machine monitor or operating system). We will then summarize various strategies we have explored to defend against side-channel attacks in their various forms, both inexpensive defenses against specific attacks and more holistic but expensive protections.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Side Channels in Multi-Tenant Environments\",\"authors\":\"M. Reiter\",\"doi\":\"10.1145/2808425.2808426\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Due to the massive adoption of computing platforms that consolidate potentially distrustful tenants' applications on common hardware---both large (public clouds) and small (smartphones)---the security provided by these platforms to their tenants is increasingly being scrutinized. 
In this talk we review highlights from the last several years of research on a long-suspected but, until recently, largely hypothetical attack vector on such platforms, namely side-channel attacks. In these attacks, one tenant learns sensitive information about another tenant simply by running on the same hardware with it, but without violating the logical access control enforced by the platform's isolation software (virtual machine monitor or operating system). We will then summarize various strategies we have explored to defend against side-channel attacks in their various forms, both inexpensive defenses against specific attacks and more holistic but expensive protections.\",\"PeriodicalId\":300613,\"journal\":{\"name\":\"Cloud Computing Security Workshop\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-10-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Cloud Computing Security Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2808425.2808426\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cloud Computing Security Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2808425.2808426","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Due to the massive adoption of computing platforms that consolidate potentially distrustful tenants' applications on common hardware---both large (public clouds) and small (smartphones)---the security provided by these platforms to their tenants is increasingly being scrutinized. In this talk we review highlights from the last several years of research on a long-suspected but, until recently, largely hypothetical attack vector on such platforms, namely side-channel attacks. In these attacks, one tenant learns sensitive information about another tenant simply by running on the same hardware with it, but without violating the logical access control enforced by the platform's isolation software (virtual machine monitor or operating system). We will then summarize various strategies we have explored to defend against side-channel attacks in their various forms, both inexpensive defenses against specific attacks and more holistic but expensive protections.