Side-Channel Attacks on Open vSwitch
Daewoo Kim, Sihang Liu
TL;DR
The paper demonstrates that Open vSwitch, a common software-based virtual switch, exhibits exploitable side channels via its two-tier caching (microflow and megaflow caches). By characterizing cache latencies and eviction behaviors, the authors extract three attack primitives and implement remote attacks: covert channels, remote header recovery, and remote packet-rate monitoring. They quantify attack performance, showing high microflow-based covert-channel bandwidth and substantial recovery/monitoring capabilities, and propose defenses including instance isolation and cache-hashing/ordering randomization that mitigate the threats. The work highlights security risks in cloud virtualization stacks and provides practical mitigation guidance for OVS deployments. Overall, the findings underscore the need for careful isolation and randomized cache policies to preserve tenant isolation in virtual networks.
Abstract
Virtualization is widely adopted in cloud systems to manage resource sharing among users. A virtualized environment usually deploys a virtual switch within the host system to enable virtual machines to communicate with each other and with the physical network. The Open vSwitch (OVS) is one of the most popular software-based virtual switches. It maintains a cache hierarchy to accelerate packet forwarding from the host to virtual machines. We characterize the caching system inside OVS from a security perspective and identify three attack primitives. Based on the attack primitives, we present three remote attacks via OVS, breaking the isolation in virtualized environments. First, we identify remote covert channels using different caches. Second, we present a novel header recovery attack that leaks a remote user's packet header fields, breaking the confidentiality guarantees from the system. Third, we demonstrate a remote packet rate monitoring attack that recovers the packet rate of a remote victim. To defend against these attacks, we also discuss and evaluate mitigation solutions.
