ConfMVM: a hardware-assisted model to confine malicious VMs

Zirak Allaf; Mo Adda; Alexander Gegov

doi:10.1109/UKSim.2018.00021

ConfMVM: a hardware-assisted model to confine malicious VMs

Zirak Allaf, Mo Adda, Alexander Gegov

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

201 Downloads (Pure)

Abstract

Vulnerabilities in both hardware and software have exposed them to the lack of managing programs securely in the computational environment, giving hackers the means to conduct side channel attacks with intention to steal sensitive information, including secret encryption keys. Current techniques enable attackers to exploit vulnerabilities at the micro-architecture level to build side channels. A typical example is the use of the Flush+Reload technique in the Meltdown attack [1]. This paper proposes the detection of malicious loop activities within the Flush+Reload programs through the introduction of a new classification technique. Most current detection models, approach the side channel attacks, by relying on the correlation between attacker and victim programs through the use of machine learning algorithms. This paper differs from such models. It solely analyse the malicious loop activities inside the Flush+Reload attack program and does not seek to synchronise victim and attacker programs. The model proposed has the ability to classify Flush+Reload attacks with a level of accuracy approaching 99% for native and 96% for cloud systems without increasing the cost of detection in a cloud systems above that in native systems.

Original language	English
Title of host publication	2018 UKSim-AMSS 20th International Conference on Modelling & Simulation
Editors	David Al-Dabass, Alessandra Orsoni, Richard Cant, Glenn Jenkins
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	49-54
Number of pages	6
ISBN (Electronic)	978-0-7695-6405-0
DOIs	https://doi.org/10.1109/UKSim.2018.00021
Publication status	Published - 27 Dec 2018
Event	UKSim2018: UKSim-AMSS 20th International Conference on Modelling & Simulation - Cambridge, United Kingdom Duration: 27 Mar 2018 → 29 Mar 2018

Publication series

Name	IEEE UKSim Proceedings Series
Publisher	IEEE
ISSN (Print)	2158-1657

Conference

Conference	UKSim2018
Country/Territory	United Kingdom
City	Cambridge
Period	27/03/18 → 29/03/18

Keywords

Side-Channel
Flush+Reload
Prime+Probe
HPC
Machine Learning
Cloud Computing
Cryptography

Access to Document

10.1109/UKSim.2018.00021

UKSIM_2018
© © 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript (Post-print), 237 KB

http://uksim.info/uksim2018/uksim2018.htm

Cite this

Allaf, Z., Adda, M., & Gegov, A. (2018). ConfMVM: a hardware-assisted model to confine malicious VMs. In D. Al-Dabass, A. Orsoni, R. Cant, & G. Jenkins (Eds.), 2018 UKSim-AMSS 20th International Conference on Modelling & Simulation (pp. 49-54). (IEEE UKSim Proceedings Series). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/UKSim.2018.00021

@inproceedings{4e6c4d6a42724b6ba393f6e5a8a8cc7d,

title = "ConfMVM: a hardware-assisted model to confine malicious VMs",

abstract = "Vulnerabilities in both hardware and software have exposed them to the lack of managing programs securely in the computational environment, giving hackers the means to conduct side channel attacks with intention to steal sensitive information, including secret encryption keys. Current techniques enable attackers to exploit vulnerabilities at the micro-architecture level to build side channels. A typical example is the use of the Flush+Reload technique in the Meltdown attack [1]. This paper proposes the detection of malicious loop activities within the Flush+Reload programs through the introduction of a new classification technique. Most current detection models, approach the side channel attacks, by relying on the correlation between attacker and victim programs through the use of machine learning algorithms. This paper differs from such models. It solely analyse the malicious loop activities inside the Flush+Reload attack program and does not seek to synchronise victim and attacker programs. The model proposed has the ability to classify Flush+Reload attacks with a level of accuracy approaching 99% for native and 96% for cloud systems without increasing the cost of detection in a cloud systems above that in native systems.",

keywords = "Side-Channel, Flush+Reload, Prime+Probe, HPC, Machine Learning, Cloud Computing, Cryptography",

author = "Zirak Allaf and Mo Adda and Alexander Gegov",

note = "Expected doi: 10.1109/UKSim.2018.0002; UKSim2018 : UKSim-AMSS 20th International Conference on Modelling & Simulation ; Conference date: 27-03-2018 Through 29-03-2018",

year = "2018",

month = dec,

day = "27",

doi = "10.1109/UKSim.2018.00021",

language = "English",

series = "IEEE UKSim Proceedings Series",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "49--54",

editor = "David Al-Dabass and Orsoni, {Alessandra } and Richard Cant and Glenn Jenkins",

booktitle = "2018 UKSim-AMSS 20th International Conference on Modelling & Simulation",

address = "United States",

}

Allaf, Z, Adda, M & Gegov, A 2018, ConfMVM: a hardware-assisted model to confine malicious VMs. in D Al-Dabass, A Orsoni, R Cant & G Jenkins (eds), 2018 UKSim-AMSS 20th International Conference on Modelling & Simulation. IEEE UKSim Proceedings Series, Institute of Electrical and Electronics Engineers Inc., pp. 49-54, UKSim2018, Cambridge, United Kingdom, 27/03/18. https://doi.org/10.1109/UKSim.2018.00021

ConfMVM: a hardware-assisted model to confine malicious VMs. / Allaf, Zirak; Adda, Mo ; Gegov, Alexander.
2018 UKSim-AMSS 20th International Conference on Modelling & Simulation. ed. / David Al-Dabass; Alessandra Orsoni; Richard Cant; Glenn Jenkins. Institute of Electrical and Electronics Engineers Inc., 2018. p. 49-54 (IEEE UKSim Proceedings Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - ConfMVM: a hardware-assisted model to confine malicious VMs

AU - Allaf, Zirak

AU - Adda, Mo

AU - Gegov, Alexander

N1 - Expected doi: 10.1109/UKSim.2018.0002

PY - 2018/12/27

Y1 - 2018/12/27

N2 - Vulnerabilities in both hardware and software have exposed them to the lack of managing programs securely in the computational environment, giving hackers the means to conduct side channel attacks with intention to steal sensitive information, including secret encryption keys. Current techniques enable attackers to exploit vulnerabilities at the micro-architecture level to build side channels. A typical example is the use of the Flush+Reload technique in the Meltdown attack [1]. This paper proposes the detection of malicious loop activities within the Flush+Reload programs through the introduction of a new classification technique. Most current detection models, approach the side channel attacks, by relying on the correlation between attacker and victim programs through the use of machine learning algorithms. This paper differs from such models. It solely analyse the malicious loop activities inside the Flush+Reload attack program and does not seek to synchronise victim and attacker programs. The model proposed has the ability to classify Flush+Reload attacks with a level of accuracy approaching 99% for native and 96% for cloud systems without increasing the cost of detection in a cloud systems above that in native systems.

AB - Vulnerabilities in both hardware and software have exposed them to the lack of managing programs securely in the computational environment, giving hackers the means to conduct side channel attacks with intention to steal sensitive information, including secret encryption keys. Current techniques enable attackers to exploit vulnerabilities at the micro-architecture level to build side channels. A typical example is the use of the Flush+Reload technique in the Meltdown attack [1]. This paper proposes the detection of malicious loop activities within the Flush+Reload programs through the introduction of a new classification technique. Most current detection models, approach the side channel attacks, by relying on the correlation between attacker and victim programs through the use of machine learning algorithms. This paper differs from such models. It solely analyse the malicious loop activities inside the Flush+Reload attack program and does not seek to synchronise victim and attacker programs. The model proposed has the ability to classify Flush+Reload attacks with a level of accuracy approaching 99% for native and 96% for cloud systems without increasing the cost of detection in a cloud systems above that in native systems.

KW - Side-Channel

KW - Flush+Reload

KW - Prime+Probe

KW - HPC

KW - Machine Learning

KW - Cloud Computing

KW - Cryptography

U2 - 10.1109/UKSim.2018.00021

DO - 10.1109/UKSim.2018.00021

M3 - Conference contribution

T3 - IEEE UKSim Proceedings Series

SP - 49

EP - 54

BT - 2018 UKSim-AMSS 20th International Conference on Modelling & Simulation

A2 - Al-Dabass, David

A2 - Orsoni, Alessandra

A2 - Cant, Richard

A2 - Jenkins, Glenn

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - UKSim2018

Y2 - 27 March 2018 through 29 March 2018

ER -

ConfMVM: a hardware-assisted model to confine malicious VMs

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this