DETECTION AND MITIGATION OF SIDE-CHANNEL ATTACKS

US 20140059688A1
Filed: 08/21/2012
Published: 02/27/2014
Est. Priority Date: 08/21/2012
Status: Active Grant

First Claim

Patent Images

1. A system for preventing side-channel attacks, the system comprising:

a computing device;

a non-transitory storage medium configured to be in communication with the computing device,wherein the storage medium contains one or more programming instructions that, when executed, cause the computing device to;

retrieve information associated with one or more virtual machines operating on the computing device, the one or more virtual machines comprising one or more properties,execute one or more duplicate virtual machines comprising one or more duplicate properties, each duplicate virtual machine configured as a substantially identical instance of a counterpart virtual machine based on the information,provide each duplicate virtual machine with substantially identical operational data as the counterpart virtual machine,monitor the one or more duplicate properties of each duplicate virtual machine and the one or more properties of the counterpart virtual machine for a discrepancy, andanalyze counterpart virtual machines exhibiting a discrepancy for one or more security events.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer readable storage media for preventing side-channel attacks are disclosed. A computing resource, such as a virtual machine, operating on a computing device or within a computing environment may be duplicated. Properties associated with the computing resource and the duplicate computing resource may be monitored for discrepancies. The discrepancies may be indicative of a security event, such as a virus or side-channel attack. Detected security events may be handled by replacing a computing resource with a duplicate computing resource.

35 Citations

View as Search Results

65 Claims

1. A system for preventing side-channel attacks, the system comprising:
- a computing device;
  
  a non-transitory storage medium configured to be in communication with the computing device,wherein the storage medium contains one or more programming instructions that, when executed, cause the computing device to;
  
  retrieve information associated with one or more virtual machines operating on the computing device, the one or more virtual machines comprising one or more properties,execute one or more duplicate virtual machines comprising one or more duplicate properties, each duplicate virtual machine configured as a substantially identical instance of a counterpart virtual machine based on the information,provide each duplicate virtual machine with substantially identical operational data as the counterpart virtual machine,monitor the one or more duplicate properties of each duplicate virtual machine and the one or more properties of the counterpart virtual machine for a discrepancy, andanalyze counterpart virtual machines exhibiting a discrepancy for one or more security events.
- View Dependent Claims (2, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the information comprises virtual machine configuration information.
  - 4. The system of claim 1, wherein the storage medium contains one or more programming instructions that, when executed, cause the computing device to execute each duplicate virtual machine in a different computing environment than the counterpart virtual machine, wherein each duplicate virtual machine and the counterpart virtual machine operate using at least one separate computing resource.
  - 5. The system of claim 4, wherein the at least one separate computing resource comprises at least one of the following:
    - a processor, a processor core, an execution time, and an Internet Protocol (IP) address.
  - 6. The system of claim 1, wherein the one or more properties and the one or more duplicate properties each comprise one or more of the following:
    - number of processor cycles, processor steps, communication information, memory accesses, input/output usage, required power, input data, output data, and computing device hardware interaction data.
  - 7. The system of claim 1, wherein the security event comprises at least one of the following:
    - a Trojan horse, a virus, a worm, malicious code, unauthorized monitoring, hacking attempts, an unexpected virtual machine operation, a denial-of-service attack, and an external decryption attempt.
  - 8. The system of claim 1, wherein the discrepancy comprises a duplicate property of a duplicate virtual machine not substantially matching a counterpart property of a counterpart virtual machine.
  - 9. The system of claim 1, wherein the storage medium contains one or more programming instructions that, when executed, cause the computing device to initiate a security event reaction responsive to the security event.
  - 10. The system of claim 9, wherein the security event reaction comprises routing suspicious traffic addressed to a virtual machine to a duplicate virtual machine.

3. (canceled)

11-35. -35. (canceled)

36. A method for preventing side-channel attacks in a distributed computing system, the method comprising:
- retrieving information associated with one or more virtual machines operating on one or more computing devices arranged in a distributed computing system, the one or more virtual machines comprising one or more properties;
  
  executing, on the one or more computing devices, one or more duplicate virtual machines comprising one or more duplicate properties, each duplicate virtual machine configured as a substantially identical instance of a counterpart virtual machine based on the information;
  
  providing each duplicate virtual machine with substantially identical operational data as the counterpart virtual machine;
  
  monitoring the one or more duplicate properties of each duplicate virtual machine and the one or more properties of the counterpart virtual machine for a discrepancy; and
  
  analyzing counterpart virtual machines exhibiting a discrepancy for one or more security events.
- View Dependent Claims (38, 40, 41, 42, 43, 44, 45, 46)
- - 38. The method of claim 36, wherein the information comprises virtual machine configuration information.
  - 40. The method of claim 36, further comprising executing each duplicate virtual machine in a different computing environment than the counterpart virtual machine, wherein each duplicate virtual machine and the counterpart virtual machine operate using at least one separate computing resource.
  - 41. The method of claim 36, wherein the at least one separate computing resource comprises at least one of the following:
    - a processor, a processor core, an execution time, and an Internet Protocol (IP) address.
  - 42. The method of claim 36, wherein the one or more properties and the one or more duplicate properties each comprise one or more of the following:
    - a number of processor cycles, processor steps, communication information, memory accesses, input/output usage, required power, input data, output data, and computing device hardware interaction data.
  - 43. The method of claim 36, wherein the security event comprises at least one of the following:
    - a Trojan horse, a virus, a worm, malicious code, unauthorized monitoring, hacking attempts, unexpected virtual machine operation, denial-of-service attack, external decryption attempt, or a combination thereof.
  - 44. The method of claim 36, wherein the discrepancy comprises a duplicate property of a duplicate virtual machine not substantially matching a counterpart property of a counterpart virtual machine.
  - 45. The method of claim 36, further comprising initiating a security event reaction responsive to the security event.
  - 46. The method of claim 45, wherein the security event reaction comprises routing suspicious traffic addressed to a virtual machine to a duplicate virtual machine.

37. (canceled)

39. (canceled)

47-53. -53. (canceled)

54. A computer readable storage medium having computer readable program code configured to prevent side-channel attacks of a distributed computing system embodied therewith, the computer readable program code comprising:
- computer readable program code configured to retrieve information associated with one or more virtual machines operating on one or more computing devices arranged in a distributed computing system, the one or more virtual machines comprising one or more properties;
  
  computer readable program code configured to execute, on the one or more computing devices, one or more duplicate virtual machines comprising one or more duplicate properties, each duplicate virtual machine configured as a substantially identical instance of a counterpart virtual machine based on the information;
  
  computer readable program code configured to provide each duplicate virtual machine with substantially identical operational data as the counterpart virtual machine;
  
  computer readable program code configured to monitor the one or more duplicate properties of each duplicate virtual machine and the one or more properties of the counterpart virtual machine for a discrepancy; and
  
  computer readable program code configured to analyze counterpart virtual machines exhibiting a discrepancy for one or more security events.
- View Dependent Claims (56, 58, 62, 63, 64)
- - 56. The computer readable storage medium of claim 54, wherein the information comprises virtual machine configuration information.
  - 58. The computer readable storage medium of claim 54, further comprising computer readable program code configured to execute each duplicate virtual machine in a different computing environment than the counterpart virtual machine, wherein each duplicate virtual machine and the counterpart virtual machine operate using at least one separate computing resource.
  - 62. The computer readable storage medium of claim 54, wherein the discrepancy comprises a duplicate property of a duplicate virtual machine not substantially matching a counterpart property of a counterpart virtual machine.
  - 63. The computer readable storage medium of claim 54, further comprising computer readable program code configured to initiate a security event reaction responsive to the security event.
  - 64. The computer readable storage medium of claim 63, wherein the security event reaction comprises routing suspicious traffic addressed to a virtual machine to a duplicate virtual machine.

55. (canceled)

57. (canceled)

59-61. -61. (canceled)

65-71. -71. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Empire Technology Development LLC (Allied Inventors Management, LLC)
Original Assignee
Empire Technology Development LLC (Allied Inventors Management, LLC)
Inventors
Margalit, Mordehai

Granted Patent

US 9,697,356 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/561 Virus type analysis

DETECTION AND MITIGATION OF SIDE-CHANNEL ATTACKS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

65 Claims

Specification

Solutions

Use Cases

Quick Links

DETECTION AND MITIGATION OF SIDE-CHANNEL ATTACKS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

65 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links