A New Prime and Probe Cache Side-Channel Attack for Cloud Computing

Cloud computing is considered one of the most dominant paradigms in the Information Technology (IT) industry nowadays. It supports multi-tenancy to fulfil future increasing demands for accessing and using resources provisioned over the Internet. However, multi-tenancy in cloud computing has unique vulnerabilities such as clients' co-residence and virtual machine physical co-residency. Physical co-residency of virtual machines can facilitate attackers with an ability to interfere with another virtual machine running on the same physical machine due to an insufficient logical isolation. In the worst scenario, attackers can exfiltrate sensitive information of victims on the same physical machine by using hardware side-channels. There are various types of side-channels attacks, which are classified according to hardware medium they target and exploit, for instance, cache side-channel attacks. CPU caches are one of the most hardware devices targeted by adversaries because it has high-rate interactions and sharing between processes. This paper presents a new Prime and Probe cache side-channel attack, which can prime physical addresses. These addresses are translated form virtual addresses used by a virtual machine. Then, time is measured to access these addresses and it will be varied according to where the data is located. If it is in the CPU cache, the time will be less than in the main memory. The attack was implemented in a server machine comparable to cloud environment servers. The results show that the attack needs less effort and time than other types and is easy to be launched.