5 research outputs found

    Security Aware Virtual Machine Allocation Policy to Improve QoS

    Cloud service providers find managing the energy consumption of datacentres a critical operation. Significant energy is being used by a rising spike in the number of data centres. To overcome this challenge, datacentres attempt to reduce the number of active physical servers by carrying out a virtual machine consolidation process. However, due to inadequate security measures to verify hostile cloud users, the security threats on cloud multitenancy platforms have escalated. In this paper we propose energy-efficient virtual machine consolidation using a priority-based, security-aware virtual machine allocation policy to improve datacentre security. The proposed security solution considers the host threat score before virtual machine placement, which has reduced the security threats for co-residency attacks without impacting datacentre energy consumption.

    Optimising Security, Power Consumption and Performance of Embedded Systems

    Increased interest in multicore systems has led to significant advancements in computing power, but it has also introduced new security risks due to covert channel communication. These covert channels enable the unauthorized leakage of sensitive information, posing a grave threat to system security. Traditional examples of covert channel attacks involve exploiting subtle variations such as temperature changes and timing differences to clandestinely transmit data through thermal and timing channels, respectively. These methods are particularly alarming because they demand minimal resources for implementation, thus presenting a formidable challenge to system security. Therefore, understanding the different classes of covert channel attacks and their characteristics is imperative for devising effective countermeasures. This thesis proposes two novel countermeasures to mitigate Thermal Covert Channel (TCC) attacks, which are among the most prevalent threats. In the first approach, we introduce the Selective Noise-Based Countermeasure. This novel technique disrupts covert communication by strategically adding a selective noise (extra thread) to the temperature signal to generate more heat and change its pattern. This intervention significantly increases the Bit Error Rate (BER) to 94%, thereby impeding data transmission effectively. Building upon this, the second strategy, termed Fan Speed Control Countermeasure, dynamically adjusts fan speed to reduce system temperature further, consequently decreasing the thermal signal frequency and shutting down any meaningful transmission. This methodology achieves a high BER (98%), thereby enhancing system security. Furthermore, the thesis introduces a new threat scenario termed Multi-Covert Channel Attacks, which demands advanced detection and mitigation techniques. To confront this emerging threat, we propose a comprehensive two-step approach that emphasizes both detection and tailored countermeasures. 
    This approach leverages two distinct methodologies for implementation, with the primary goal of achieving optimal performance characterized by high BER and low power consumption. In the first method, referred to as the double multi-covert channel, we employ two distinct frequency ranges for the timing and thermal covert channels. Through extensive experimentation, we demonstrate that this approach yields a high BER, providing a formidable challenge to various defense strategies. However, it is noteworthy that this method may potentially lead to overheating issues due to the increased operational load. Alternatively, our second method, the single multi-covert channel, employs a single frequency range for data transmission. Notably, this approach addresses the overheating concerns associated with the double multi-covert channel, thereby reducing power consumption and minimizing the risk of system overheating. The experimental results presented in this thesis demonstrate the efficacy of the proposed strategies. By adopting two different approaches, we not only enhance detection capabilities but also mitigate potential risks such as overheating. Our findings contribute significantly to the ongoing discourse on covert channel attacks and offer valuable insights for developing robust defense mechanisms against evolving threats. By providing insights into both traditional and emerging covert channel threats in multicore systems, this thesis significantly contributes to the field of multi-embedded system security. The proposed countermeasures demonstrate tangible security improvements, while the exploration of multi-covert channel attacks sets the stage for detection and defense strategies.

    Survey on covert channels in virtual machines and cloud computing

    Covert channels have been known for a long time because of their versatile forms of appearance. For nearly every technical improvement or change in technology, such channels have been (re-)created or known methods have been adapted. For example, the introduction of hyperthreading technology has introduced new possibilities for covert communication between malicious processes because they can now share the arithmetic logical unit as well as the L1 and L2 caches, which enable establishing multiple covert channels. Even virtualization, which is known for its isolation of multiple machines, is prone to covert- and side-channel attacks because of the sharing of resources. Therefore, it is not surprising that cloud computing is not immune to this kind of attack. Moreover, cloud computing with multiple, possibly competing users or customers using the same shared resources may elevate the risk of illegitimate communication. In such a setting, the “air gap” between physical servers and networks disappears, and only the means of isolation and virtual separation serve as a barrier between adversary and victim. In the work at hand, we will provide a survey on vulnerable spots that an adversary could exploit trying to exfiltrate private data from target virtual machines through covert channels in a cloud environment. We will evaluate the feasibility of example attacks and point out proposed mitigation solutions in case they exist.

    Data Hiding and Its Applications

    Data hiding techniques have been widely used to provide copyright protection, data integrity, covert communication, non-repudiation, and authentication, among other applications. In the context of the increased dissemination and distribution of multimedia content over the internet, data hiding methods, such as digital watermarking and steganography, are becoming increasingly relevant in providing multimedia security. The goal of this book is to focus on the improvement of data hiding algorithms and their different applications (both traditional and emerging), bringing together researchers and practitioners from different research fields, including data hiding, signal processing, cryptography, and information theory, among others.