Covert channels have been known for a long time because of their versatile forms of appearance. For nearly every technical improvement or change in technology, such channels have been (re-)created or known methods have been adapted. For example, the introduction of hyperthreading technology has introduced new possibilities for covert communication between malicious processes because they can now share the arithmetic logic unit as well as the L1 and L2 caches, which enables establishing multiple covert channels. Even virtualization, which is known for its isolation of multiple machines, is prone to covert- and side-channel attacks because of the sharing of resources. Therefore, it is not surprising that cloud computing is not immune to this kind of attack. Moreover, cloud computing with multiple, possibly competing users or customers using the same shared resources may elevate the risk of illegitimate communication. In such a setting, the “air gap” between physical servers and networks disappears, and only the means of isolation and virtual separation serve as a barrier between adversary and victim. In the work at hand, we will provide a survey on vulnerable spots that an adversary could exploit trying to exfiltrate private data from target virtual machines through covert channels in a cloud environment. We will evaluate the feasibility of example attacks and point out proposed mitigation solutions in case they exist.
A distinctive feature of mobile services is the ability to take contextual conditions, such as the individual usage situation, into account when delivering the service. Decoupling the place and time of learning makes the learning process more flexible and at the same time allows it to be integrated into real work processes, such as manufacturing processes. Through the use of mobile devices, learning materials are available directly where the action takes place. The goal of context-based learning is therefore to establish a direct link between the learning media offered and the situation in which the learner finds themselves. Existing category systems for classifying context generally do not meet this requirement. In this paper we describe scenarios for context-based mobile learning using manufacturing processes as an example, as well as approaches to context-based mobile services.
Several cloud schedulers have been proposed in the literature with different optimization goals such as reducing power consumption, reducing the overall operational costs or decreasing response times. A less common goal is to enhance the system security by applying specific scheduling decisions. The security risk of covert channels has been known for quite some time, but is now back in the focus of research because of the multitenant nature of cloud computing and the co-residency of several per-tenant virtual machines on the same physical machine. In particular, several cache covert channels have been identified that aim to bypass a cloud infrastructure's sandboxing mechanism. For instance, cache covert channels like the one proposed by Xu et al. use the idealistic scenario with two alternately running colluding processes in different VMs accessing the cache to transfer bits by measuring cache access time. Therefore, in this paper we present a cascaded cloud scheduler coined C³-Sched aiming at mitigating the threat of a leakage of customers' data via cache covert channels by preventing processes from accessing cache lines alternately. At the same time we aim at maintaining the cloud performance and minimizing the global scheduling overhead.