This talk will describe first the landscape of side channel vulnerabilities, the types which are possible given different virtualization circumstances, and the basic primitives of an side-channel attack. This survey will contrast against the specific exploitation of a cloud based environment. We then look closely at the attack surface of common, cloud-based, hardware side channels. This includes the full hardware stack shared between supposedly isolated hosts and the similarities and differences in exploiting each hardware resource. Following this, demonstrations of two separate attacks, one in the cache and a novel side channel across the pipeline, will be made to show the theory behind what is being discussed. To conclude, we review possible mitigations at the hardware, hypervisor, and client software level, as well as give our thoughts on the future of side channels in the cloud.
Presented at
Resources
Author
- Sophia D'Antoine