| With the development of the digital economy, cloud computing services have brought serious security risks. In a cloud environment, virtual machines of different users may be placed on the same physical host, so the host's computing resources are shared among virtual machines and rely on the virtual machine monitor for allocation and scheduling. This sharing of resources puts users at risk. Malicious users can use the state information of shared resources to build a threat model, steal the secret information of co-resident virtual machines, and carry out side-channel attacks in the cloud environment. Among shared resources, the cache sharing mechanism has become the main point of attack: changes in cache access patterns are used to extract the information leaked through the cache while a cryptographic system is running, and the information obtained is analyzed to recover the cryptographic system's key. These are known as cache side-channel attacks. This type of attack is fast, threatening, and highly covert. Where such attacks are possible, it is very important to effectively protect encryption systems from them. Therefore, research on cache side-channel attacks and defenses in cloud environments is the focus of this paper. Currently, both attack and defense techniques are continuously evolving, with significant room for improvement in areas such as transmission bit rate, scalability, and generality. In order to enhance the scalability of attacks and the applicability of defenses, and to ensure user safety, the main work and results of this paper are as follows: (1) We propose a covert channel based on the shared cache of virtual machines running on cloud servers, which provides a foundation for cache side-channel attacks. To overcome the limitations of previous attacks, we design an attack algorithm that uses a large shared array to transmit information and construct the cache covert channel attack. We propose a solution that ensures matching transmission rates between the sender and receiver, test suitable spacing to reduce error rates, and ensure proper channel operation. Through experimental analysis, we demonstrate that the channel achieves a transmission bit rate of 1253 KB/s under different conditions, which represents a significant improvement compared to other classic covert channels and enables the construction of cache side-channel attacks. (2) A cache side-channel attack algorithm is proposed on top of the cache covert channel. Based on the proposed cache covert channel, combined with the side-channel concept, the variation of cache access patterns is used to turn the channel into a cache side-channel attack. On the basis of the threat model, 100 attack iterations are performed on the RSA square-and-multiply algorithm, and the leaked information about the secret exponent is identified and analyzed. The effectiveness of the attack is verified. Instantaneous execution of the attack is achieved using the side channel. Experiments are conducted and compared with other channels, showing that more information is leaked from the victim through the proposed side-channel attack. (3) Defense strategies against cache side-channel attacks are designed and analyzed. A separate thread is designed to inject noise using prefetch instructions to interfere with attackers. The noise injection strategy is analyzed, and a case study is presented that protects the secrecy of the RSA square-and-multiply algorithm by obfuscating the victim's cache access pattern. Experimental results demonstrate that the proposed strategy can effectively reduce information leakage and protect the secrecy of the algorithm's looping process. The performance impact of the defense strategy is evaluated through experiments, and the results indicate that the proposed strategy can reduce information leakage and improve system performance by 7.4% compared to the scenario where an attacker is present. This paper aims to propose a cache side-channel attack in a cloud environment through the aforementioned work. Furthermore, defense strategies are designed and implemented to enhance the security of cryptographic systems and protect user information. |
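
To make the defense idea in point (3) concrete, the following added example (not code from the paper) models why the key-dependent multiply step in RSA square-and-multiply leaks exponent bits and how noise on the observed cache line lowers what an observer can read. It assumes a simplified model: one observation per loop iteration and a noise thread that makes the multiply line appear cached with a fixed probability; `EXPONENT`, `observe`, `leaked_fraction` and `sweep` are hypothetical names, and the exponent is a constructed value.

```python
import random

EXPONENT = 0xB38B  # constructed 16-bit stand-in for a secret exponent

def square_and_multiply(base, exponent, modulus):
    """Left-to-right square-and-multiply. Returns (result, trace); trace[i] is
    True when iteration i ran the multiply step, which happens only for 1 bits."""
    result, trace = 1, []
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        if bit == "1":                      # key-dependent branch: the leak
            result = (result * base) % modulus
        trace.append(bit == "1")
    return result, trace

def observe(trace, noise_rate, rng):
    """Per-iteration view of an observer on the shared cache: 'the multiply
    line was cached'. Assumed noise model: the defender's thread prefetches
    that line with probability noise_rate in each iteration."""
    return [ran or rng.random() < noise_rate for ran in trace]

def leaked_fraction(exponent, observed):
    """Fraction of exponent bits recovered by reading each observation as a bit."""
    bits = [b == "1" for b in bin(exponent)[2:]]
    return sum(o == b for o, b in zip(observed, bits)) / len(bits)

def sweep(noise_rates, seed=1):
    """Leakage at each noise rate, using a seeded RNG for repeatability."""
    rng = random.Random(seed)
    _, trace = square_and_multiply(7, EXPONENT, 1000003)
    return {r: leaked_fraction(EXPONENT, observe(trace, r, rng)) for r in noise_rates}

if __name__ == "__main__":
    for rate, leak in sweep([0.0, 0.25, 0.5, 1.0]).items():
        print(f"noise={rate:.2f}  bits recovered={leak:.2%}")
```

At a noise rate of 1.0 every iteration looks the same to the observer, so the recovered fraction falls to the share of 1 bits in the exponent, which says nothing about any individual bit.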