A LLC-based DoS Attack Technique on Virtualization System with Detection and Prevention Model

Businesses have observed a paradigm shift from traditional computing models to "pay as you use" Cloud Computing model. Major Cloud Service Providers(CSPs) like Amazon AWS and Microsoft Azure use virtualization technologies to provide users with Virtual Machines(VM) as they require for the computations. Many VMs unknown to each other are co-located on the same physical machine to maximize resource utilization. However, this poses a serious threat to the security of cloud users. Recent research has shown the evidence of reconstructing secret keys from co-located target VM via creation of side-channels. In this paper, an LLC DoS attack technique named as Continuous Flush is presented which aims to degrade processor performance. A significant increase in CPU cycles and cache misses are observed which results in under-utilization of CPU. This attack can be a threat to the cloud infrastructure. Moreover, such attack may also violate the cloud Service Level Agreement(SLA) present between CSPs and its customers which may further affect the reputation of the CSPs in turn affecting the businesses. A generalized Hypervisor-based Intrusion Detection and Prevention System model is proposed wherein the detection model is focusing on cache attacks in the cloud environment combining several strategies and prevention model will isolate the malicious VM which will be charged significantly higher by CSP.