You share, you leak: Practical side-channel attacks and defenses in modern clouds
Zhao, Zirui
Permalink
https://hdl.handle.net/2142/125550
Description
- Title
- You share, you leak: Practical side-channel attacks and defenses in modern clouds
- Author(s)
- Zhao, Zirui
- Issue Date
- 2024-07-02
- Director of Research (if dissertation) or Advisor (if thesis)
- Torrellas, Josep
- Doctoral Committee Chair(s)
- Torrellas, Josep
- Committee Member(s)
- Fletcher, Christopher W.
- Marinov, Darko
- Morrison, Adam
- Qureshi, Moinuddin K.
- Tiwari, Mohit
- Department of Study
- Computer Science
- Discipline
- Computer Science
- Degree Granting Institution
- University of Illinois at Urbana-Champaign
- Degree Name
- Ph.D.
- Degree Level
- Dissertation
- Keyword(s)
- Microarchitectural side-channel attacks and defenses
- Cloud computing
- Abstract
- Over the past few decades, the pursuit of higher computational density and resource sharing has resulted in substantially improved performance and efficiency of modern computer systems. However, this shift has also introduced serious security concerns, notably side-channel attacks. Public cloud computing, with its ever-growing market size and extensive hardware resource sharing among mutually-distrusting tenants, stands out as a prime target for these attacks. Recognizing these threats, this thesis delves deeply into both side-channel vulnerabilities and defenses in public cloud environments. On the attack front, this thesis examines the intricacies of conducting end-to-end side-channel attacks in modern public clouds, including how to co-locate with the victim program and set up side channels to extract information in a noisy, dynamic production cloud environment. This thesis introduces methods to increase the likelihood of an attacker co-locating with a target victim, filling a critical gap for side-channel attacks in public clouds. Additionally, the thesis presents novel techniques for setting up and monitoring cache-based side channels in a noisy public cloud environment. The result of both works is the first demonstration of cross-tenant information leakage in the Google Cloud. On the defense front, this thesis introduces Untangle, a framework to quantify information leakage in schemes that perform dynamic partitioning of hardware resources, which are promising side-channel defenses. Using Untangle, the thesis proposes design principles and defense mechanisms to tightly bound and reduce the leakage, resulting in low-leakage high-performance dynamic partitioning schemes. Besides defending against conventional side-channel attacks, this thesis also develops both hardware-only and hardware-software co-design mechanisms to substantially reduce the execution overhead of transient execution defenses. 
  Finally, this thesis also explores new side channels in modern Intel processors and develops defenses for microarchitectural replay attacks, an emerging type of attack.
- Graduation Semester
- 2024-08
- Type of Resource
- Thesis
- Handle URL
- https://hdl.handle.net/2142/125550
- Copyright and License Information
- Copyright 2024, Zirui Zhao
Owning Collections
Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois