Bazm et al., 2019 - Google Patents
Isolation in cloud computing infrastructures: new security challengesBazm et al., 2019
- Document ID
- 10040996022126640826
- Author
- Bazm M
- Lacoste M
- Südholt M
- Menaud J
- Publication year
- Publication venue
- Annals of Telecommunications
External Links
Snippet
Cloud computing infrastructures share hardware resources among different clients, leveraging virtualization to multiplex physical resources among several self-contained execution environments such as virtual machines or Linux containers. Isolation is a core …
- 238000002955 isolation 0 title abstract description 42
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/44—Arrangements for executing specific programmes
- G06F9/455—Emulation; Software simulation, i.e. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5061—Partitioning or combining of resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1491—Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Ge et al. | A survey of microarchitectural timing attacks and countermeasures on contemporary hardware | |
| Lyu et al. | A survey of side-channel attacks on caches and countermeasures | |
| Schwarz et al. | Malware guard extension: Using SGX to conceal cache attacks | |
| Costan et al. | Sanctum: Minimal hardware extensions for strong software isolation | |
| Dinh Ngoc et al. | Everything you should know about Intel SGX performance on virtualized systems | |
| Bazm et al. | Isolation in cloud computing infrastructures: new security challenges | |
| US9813445B2 (en) | Taint injection and tracking | |
| Anwar et al. | Cross-VM cache-based side channel attacks and proposed prevention mechanisms: A survey | |
| Shi et al. | Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring | |
| US9460290B2 (en) | Conditional security response using taint vector monitoring | |
| US8955111B2 (en) | Instruction set adapted for security risk monitoring | |
| US20190108332A1 (en) | Taint injection and tracking | |
| US20150128262A1 (en) | Taint vector locations and granularity | |
| Bazm et al. | Side-channels beyond the cloud edge: New isolation threats and solutions | |
| Mushtaq et al. | Winter is here! A decade of cache-based side-channel attacks, detection & mitigation for RSA | |
| Mittal et al. | A survey of techniques for improving security of gpus | |
| Semal et al. | Leaky controller: Cross-VM memory controller covert channel on multi-core systems | |
| Shahzad et al. | Virtualization technology: Cross-VM cache side channel attacks make it vulnerable | |
| Sangeetha et al. | An optimistic technique to detect cache based side channel attacks in cloud | |
| Saxena et al. | Preventing from cross-VM side-channel attack using new replacement method | |
| Raj et al. | Keep the PokerFace on! Thwarting cache side channel attacks by memory bus monitoring and cache obfuscation | |
| Han et al. | Secure and dynamic core and cache partitioning for safe and efficient server consolidation | |
| Ainapure et al. | Understanding perception of cache-based side-channel attack on cloud environment | |
| Bazm et al. | Side channels in the cloud: Isolation challenges, attacks, and countermeasures | |
| Younis et al. | Preventing and detecting cache side-channel attacks in cloud computing |