Virtualization and cloud computing have become critical parts of modern enterprise computing infrastructure. One of the benefits of using cloud infrastructure over in-house computing infrastructure is the offloading of security responsibilities. By hosting one’s services on the cloud, the responsibility for the security of the infrastructure is transferred to a trusted third party. As such, security of customer data in cloud environments is of critical importance. Side channels and covert channels have proven to be dangerous avenues for the leakage of sensitive information from computing systems. In this work, we propose and perform two experiments to investigate side and covert channel possibilities in virtual enterprise environments. The first experiment is centered around the use of sensor data available via the Intelligent Platform Management Interface (IPMI), an open standard for out-of-band management often shipped with enterprise-level servers. We show how power-related sensors available with minimal user privilege over IPMI can be correlated with the levels of CPU stress of a virtual machine on a server. This leads to our second experiment, in which we demonstrate a power analysis approach for establishing a covert channel for the exfiltration of data from a network-isolated virtual machine on a server rack. By applying the concept of power analysis more broadly to the power consumption of an entire server rack, rather than individual hardware components, we find that basic patterns in system load can be clearly identified using signal processing techniques, demonstrating the potential for establishing a covert channel.
Dr. Mitchell A. Thornton
Dr. Eric C. Larson
Dr. Michael A. Taylor
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License
Wolf, Zechariah D.J., "Data Leakage in Isolated Virtualized Enterprise Computing Systems" (2023). Computer Science and Engineering Theses and Dissertations. 32.