Skip to main content

Advances, Systems and Applications

Journal of Cloud Computing Cover Image

Table 4 A comparison of Host-based and Guest-based solutions against cache-based side channel attacks

From: Keep the PokerFace on! Thwarting cache side channel attacks by memory bus monitoring and cache obfuscation

Property Host-based (CAT, RPCache, etc.) Guest-based (PokerFace)
Detection Hardware counters Bus monitoring
Mitigation Cache partitioning, locked cache, VM migration Cache obfuscation, app migration
Can differentiate between attacks and legit accesses (free from false positives) No No
Underutilization of resources Yes No
Mitigation policies active even when attack is not in progress Yes No
Mitigation approaches can adapt to the workload on victim instance No Yes
Implementable in practice Subject to the SLAs and economics of provider Easily, by the subscriber
Performance overheads Subject to high drop in performance due to no resource sharing (up to 45%) Modest overhead of < 8%