Chapter 37. Side Channels and Covert Communications in Cloud Environments
Side-channel attacks abuse information leaked by the processing system, rather than directly attacking the system itself. Attackable side channels include analysis of power, electromagnetic emissions, acoustics, heat, and timing. Historically, side-channel attacks were predominantly focused on cryptographic systems. With the adoption of hypervisors and cloud computing, recent research has focused on cross–virtual machine side channels, mostly using CPU cache timing techniques. Even though side-channel attacks are typically slow and often provide only partial data recovery, sophisticated attacks have been demonstrated in public clouds, including stealing encryption keys and creating covert channels between cooperating non-networked systems.
In 2009, researchers from the University of California and the Massachusetts Institute of Technology published a paper demonstrating techniques for coresiding an attacker’s virtual machine on the same physical host as a victim in Amazon EC2.1 They also demonstrated some basic side-channel attacks, including low-bandwidth covert channels between cooperating coresident hosts using both hard disk and memory bus contention timing. By 2017, researchers from Graz University of Technology in Austria had developed a practical covert channel ...