Cloudradar: A real-time side-channel attack detection system in clouds

Tianwei Zhang, Yinqian Zhang, Ruby B. Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

136 Scopus citations


We present CloudRadar, a system to detect, and hence mitigate, cache-based side-channel attacks in multi-tenant cloud systems. CloudRadar operates by correlating two events: first, it exploits signature-based detection to identify when the protected virtual machine (VM) executes a cryptographic application; at the same time, it uses anomaly-based detection techniques to monitor the co-located VMs to identify abnormal cache behaviors that are typical during cache-based side-channel attacks. We show that correlation in the occurrence of these two events offers strong evidence of side-channel attacks. Compared to other work on side-channel defenses, CloudRadar has the following advantages: first, CloudRadar focuses on the root causes of cache-based side-channel attacks and hence is hard to evade using metamorphic attack code, while maintaining a low false positive rate. Second, CloudRadar is designed as a lightweight patch to existing cloud systems, which does not require new hardware support, or any hypervisor, operating system, or application modifications. Third, CloudRadar provides real-time protection and can detect side-channel attacks within the order of milliseconds. We demonstrate a prototype implementation of CloudRadar in the OpenStack cloud framework. Our evaluation suggests CloudRadar achieves negligible performance overhead with high detection accuracy.

Original language: English (US)
Title of host publication: Research in Attacks, Intrusions, and Defenses - 19th International Symposium, RAID 2016, Proceedings
Editors: Marc Dacier, Fabian Monrose, Gregory Blanc, Joaquin Garcia-Alfaro
Publisher: Springer Verlag
Number of pages: 23
ISBN (Print): 9783319457185
State: Published - 2016
Event: 19th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2016 - Paris, France
Duration: Sep 19 2016 to Sep 21 2016

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9854 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Other: 19th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2016

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


  • Attack detection
  • Cloud computing
  • Mitigation
  • Performance counters
  • Side-channel attacks

