Advances, Systems and Applications
Table 4 A comparison of Host-based and Guest-based solutions against cache-based side channel attacks
Property | Host-based (CAT, RPCache, etc.) | Guest-based (PokerFace) |
|---|---|---|
Detection | Hardware counters | Bus monitoring |
Mitigation | Cache partitioning, locked cache, VM migration | Cache obfuscation, app migration |
Can differentiate between attacks and legit accesses (free from false positives) | No | No |
Underutilization of resources | Yes | No |
Mitigation policies active even when attack is not in progress | Yes | No |
Mitigation approaches can adapt to the workload on victim instance | No | Yes |
Implementable in practice | Subject to the SLAs and economics of provider | Easily, by the subscriber |
Performance overheads | Subject to high drop in performance due to no resource sharing (up to 45%) | Modest overhead of < 8% |