{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T13:02:55Z","timestamp":1772542975233,"version":"3.50.1"},"reference-count":58,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2013,10,2]],"date-time":"2013-10-02T00:00:00Z","timestamp":1380672000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2014,4]]},"DOI":"10.1007\/s10207-013-0210-0","type":"journal-article","created":{"date-parts":[[2013,10,1]],"date-time":"2013-10-01T09:35:27Z","timestamp":1380620127000},"page":"171-189","source":"Crossref","is-referenced-by-count":58,"title":["On detecting co-resident cloud instances using network flow watermarking techniques"],"prefix":"10.1007","volume":"13","author":[{"given":"Adam","family":"Bates","sequence":"first","affiliation":[]},{"given":"Benjamin","family":"Mood","sequence":"additional","affiliation":[]},{"given":"Joe","family":"Pletcher","sequence":"additional","affiliation":[]},{"given":"Hannah","family":"Pruse","sequence":"additional","affiliation":[]},{"given":"Masoud","family":"Valafar","sequence":"additional","affiliation":[]},{"given":"Kevin","family":"Butler","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2013,10,2]]},"reference":[{"key":"210_CR1","unstructured":"Amazon EC2 Service Level Agreement. http:\/\/aws.amazon.com\/ec2-sla\/"},{"key":"210_CR2","unstructured":"Amazon. Amazon Elastic Compute Cloud (EC2). http:\/\/aws.amazon.com\/ec2\/"},{"key":"210_CR3","unstructured":"Armbrust, M., Fox, A., Griffith, R., Joseph, A., Katz, R., et al.: Above the Clouds: A Berkeley View of Cloud Computing. Technical Report UCB\/EECS-2009-28, University of California, Berkeley (2009)"},{"key":"210_CR4","doi-asserted-by":"crossref","unstructured":"Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield A.: Xen and the art of virtualization. In: Proceedings of 19th ACM Symposium on Operating Systems Principles, SOSP \u201903, New York, pp. 164\u2013177. ACM (2003)","DOI":"10.1145\/945445.945462"},{"key":"210_CR5","doi-asserted-by":"crossref","unstructured":"Barker, S., Shenoy P.: Empirical evaluation of latency-sensitive application performance in the cloud In: Proceedings of 1st SCM SIGMM Conference on Multimedia Systems, MMSys \u201910, New York, pp. 34\u201346. ACM (2010)","DOI":"10.1145\/1730836.1730842"},{"key":"210_CR6","unstructured":"Bernstein D.J.: Cache-timing attacks on AES. Compute (2005)"},{"key":"210_CR7","doi-asserted-by":"crossref","unstructured":"Blum, A., Song, D., Venkataraman, S.: Detection of interactive stepping stones: algorithms and confidence bounds. In: Proceedings of Recent Advances in Intrusion Detection (RAID) (2004)","DOI":"10.1007\/978-3-540-30143-1_14"},{"key":"210_CR8","doi-asserted-by":"crossref","unstructured":"Bowers, K.D., van Dijk, M., Juels, A., Oprea, A., Rivest R.L.: How to tell if your cloud files are vulnerable to drive crashes. In: CCS \u201911: Proceedings of 18th ACM Conference on Computer and Communications Security, Chicago, pp. 501\u2013514 (2011)","DOI":"10.1145\/2046707.2046766"},{"key":"210_CR9","unstructured":"Brodkin J.: VMware confirms source code leak, LulzSec -affiliated hacker claims credit. http:\/\/arstechnica.com\/business\/news\/2012\/04\/vmware-confirms-source-code-leak-lulzsec-affiliated-hacker-claims-credit.ars"},{"key":"210_CR10","doi-asserted-by":"crossref","unstructured":"Butt, S., Lagar-Cavilla, H.A., Srivastava, A., Ganapathy V.: Self-service cloud computing. In: Proceedings of 2012 ACM Conference on Computer and Communications Security, Raleigh (2012)","DOI":"10.1145\/2382196.2382226"},{"key":"210_CR11","doi-asserted-by":"crossref","unstructured":"Cabuk, S., Brodley, C.E., Shields C.: Ip covert timing channels: design and detection. In: Proceedings of 11th ACM Conference on Computer and Communications Security, CCS \u201904, New York, pp. 178\u2013187. ACM (2004)","DOI":"10.1145\/1030083.1030108"},{"key":"210_CR12","doi-asserted-by":"crossref","unstructured":"Cabuk, S., Brodley, C.E., Shields C.: IP Covert Channel Detection. ACM Trans. Inf. Syst. Secur. (TISSEC) 12(4): 1\u201329 (2009)","DOI":"10.1145\/1513601.1513604"},{"key":"210_CR13","unstructured":"Chinni, S., Hiremane, R.: Virtual machine device queues. White paper, Intel Corporation (2007)"},{"key":"210_CR14","doi-asserted-by":"crossref","unstructured":"Coskun, B., Memon, N.: Online sketching of network flows for real-time stepping-stone detection. In: Proceedings of 2009 Annual Computer Security Applications Conference, ACSAC \u201909, Washington, pp. 473\u2013483. IEEE Computer Society (2009)","DOI":"10.1109\/ACSAC.2009.51"},{"key":"210_CR15","unstructured":"CVE-2007-4993. pygrub (tools\/pygrub\/src\/grubconf.py) in xen 3.0.3. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2007-4993"},{"key":"210_CR16","unstructured":"CVE-2007-5497. Multiple integer overflows in libext2fs. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2007-5497"},{"key":"210_CR17","unstructured":"CVE-2010-2240. The do\\_anonymous\\_page function in mm\/ memory.c. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-2240"},{"key":"210_CR18","unstructured":"Dong, Y., Yu, Z., Rose, G.: SR-IOV networking in Xen: architecture, design and implementation. In: Proceedings of First Conference on I\/O Virtualization, WIOV\u201908, Berkeley, p. 10. USENIX Association (2008)"},{"key":"210_CR19","doi-asserted-by":"crossref","unstructured":"Gamage, S., Kangarlou, A., Kompella, R.R., Xu, D.: Opportunistic flooding to improve TCP transmit performance in virtualized clouds. In: Proceedings of 2nd ACM Symposium on Cloud Computing, SOCC \u201911, New York, pp. 1\u201314. ACM (2011)","DOI":"10.1145\/2038916.2038940"},{"key":"210_CR20","doi-asserted-by":"crossref","unstructured":"Gianvecchio, S., Wang, H.: Detecting covert timing channels: an entropy-based approach. In: Proceedings of 14th ACM Conference on Computer and Communications Security (CCS\u201907), Alexandria (2007)","DOI":"10.1145\/1315245.1315284"},{"key":"210_CR21","doi-asserted-by":"crossref","unstructured":"Gupta, D., Cherkasova, L., Gardner, R., Vahdat, A.: Enforcing performance isolation across virtual machines in Xen. In: Middleware (2006)","DOI":"10.1007\/11925071_18"},{"key":"210_CR22","unstructured":"Habib, I.: Virtualization with KVM. Linux J. 166: 8(2008)"},{"key":"210_CR23","unstructured":"Houmansadr, A., Borisov, N.: SWIRL: a scalable watermark to detect correlated network flows. In: Proceedings of 18th ISOC Symposium on Network and Distributed Systems Security (NDSS \u201911), San Diego (2011)"},{"key":"210_CR24","unstructured":"Houmansadr, A., Kiyavash, N., Borisov, N.: RAINBOW: a robust and invisible non-blind watermark for network flows. In: Proceedings of 16th Network and Distributed System Security Symposium (NDSS\u201909) (2009)"},{"key":"210_CR25","doi-asserted-by":"crossref","unstructured":"Keller, E., Szefer, J., Rexford, J., Lee, R.B.: Eliminating the hypervisor attack surface for a more secure cloud. In: Proceedings of ACM Conference on Computer and Communications, Security (CCS\u201911) (2011)","DOI":"10.1145\/2046707.2046754"},{"key":"210_CR26","doi-asserted-by":"crossref","unstructured":"Keramidas, G., Antonopoulos, A., Serpanos, D., Kaxiras, S.: Non deterministic caches: a simple and effective defense against side channel attacks. Design Autom. Embed. Syst. 12: 221\u2013230 (2008)","DOI":"10.1007\/s10617-008-9018-y"},{"key":"210_CR27","unstructured":"Kiyavash, N., Houmansadr, A., Borisov, N.: Multi-flow attacks against network flow watermarking schemes. In: Proceedings of 17th USENIX Security Symposium, San Jose (2008)"},{"key":"210_CR28","doi-asserted-by":"crossref","unstructured":"Kocher, P.C.: Timing attacks on implementations of Diffie\u2013Hellman, RSA, DSS, and other systems. In: CRYPTO, pp. 104\u2013113 (1996)","DOI":"10.1007\/3-540-68697-5_9"},{"key":"210_CR29","doi-asserted-by":"crossref","unstructured":"Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: CRYPTO, pp. 388\u2013397 (1999)","DOI":"10.1007\/3-540-48405-1_25"},{"key":"210_CR30","unstructured":"Kutch, P.: PCI-SIG SR-IOV Primer. Technical report, Intel Corporation (2011)"},{"key":"210_CR31","volume-title":"Simulation Modeling and Analysis","author":"AM Law","year":"2000","unstructured":"Law, A.M., Kelton, D.W.: Simulation Modeling and Analysis. McGraw-Hill, Boston (2000)"},{"key":"210_CR32","doi-asserted-by":"crossref","unstructured":"Luo, X., Chan, E., Chang, R.: Cloak: A ten-fold way for reliable covert communications. In: Proceedings of European Symposium on Research in Computer Security ESORICS (2007)","DOI":"10.1007\/978-3-540-74835-9_19"},{"key":"210_CR33","doi-asserted-by":"crossref","unstructured":"Luo, X., Zhang, J., Perdisci, R., Lee, W.: On the secrecy of spread-spectrum flow watermarks. In: Proceedings of European Symposium on Research in Computer Security ESORICS (2010)","DOI":"10.1007\/978-3-642-15497-3_15"},{"key":"210_CR34","doi-asserted-by":"crossref","unstructured":"Luo, X., Zhou, P., Zhang, J., Perdisci, R., Lee, W., Chang, R.K.C.: Exposing invisible timing-based traffic watermarks with BACKLIT. In: Proceedings of 27th Annual Computer Security Applications Conference, ACSAC \u201911, Orlando (2011)","DOI":"10.1145\/2076732.2076760"},{"key":"210_CR35","doi-asserted-by":"crossref","unstructured":"McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: efficient TCB reduction and attestation. In: Proceedings of 2010 IEEE Symposium on Security and Privacy, Oakland (2010)","DOI":"10.1109\/SP.2010.17"},{"key":"210_CR36","doi-asserted-by":"crossref","unstructured":"Murdoch, S., Danezis, G.: Low-cost traffic analysis of Tor. In: Proceedings of 2005 IEEE Symposium on Security and Privacy. Oakland (2005)","DOI":"10.1109\/SP.2005.12"},{"key":"210_CR37","doi-asserted-by":"crossref","unstructured":"Okamura, K., Oyama, Y.: Load-based covert channels between Xen virtual machines. In: Proceedings of 2010 ACM Symposium on Applied Computing, SAC \u201910, Sierre (2010)","DOI":"10.1145\/1774088.1774125"},{"key":"210_CR38","doi-asserted-by":"crossref","unstructured":"Peng, P., Ning, P., Reeves, D.S.: On the secrecy of timing-based active watermarking trace-back techniques. In: Proceedings of 2006 IEEE Symposium on Security and Privacy, Oakland (2006)","DOI":"10.1109\/SP.2006.28"},{"key":"210_CR39","unstructured":"Percival, C.: Cache missing for fun and profit. In: BSDCan (2005)"},{"issue":"2","key":"210_CR40","doi-asserted-by":"crossref","first-page":"205","DOI":"10.1080\/00401706.1977.10489529","volume":"19","author":"AN Pettitt","year":"1977","unstructured":"Pettitt, A.N., Stephens, M.A.: The Kolmogorov\u2013Smirnov goodness-of-fit statistic with discrete and grouped data. Technometrics 19(2), 205\u2013210 (1977)","journal-title":"Technometrics"},{"key":"210_CR41","doi-asserted-by":"crossref","unstructured":"Raj, H., Nathuji, R., Singh, A., England, P.: Resource management for isolation enhanced cloud services. In: Proceedings of 2009 ACM Workshop on Cloud Computing Security, CCSW \u201909, Chicago (2009)","DOI":"10.1145\/1655008.1655019"},{"key":"210_CR42","unstructured":"Ram, K.K., Santos, J.R., Turner, Y., Cox, A.L., Cox, A.L., Rixner, S.: Achieving 10 GB\/s using Xen para-virtualized network drivers. Xen Summit (2009)"},{"key":"210_CR43","doi-asserted-by":"crossref","unstructured":"Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, You, Get off of my cloud: exploring information leakage in third-party compute clouds. In: CCS\u201909: Proceedings of 16th ACM Conference on Computer and Communications Security, Chicago (2009)","DOI":"10.1145\/1653662.1653687"},{"issue":"1\u20132","key":"210_CR44","doi-asserted-by":"crossref","first-page":"460","DOI":"10.14778\/1920841.1920902","volume":"3","author":"J Schad","year":"2010","unstructured":"Schad, J., Dittrich, J., Quian\u00e9-Ruiz, J.-A.: Runtime measurements in the cloud: observing, analyzing, and reducing variance. Proc. VLDB Endow. 3(1\u20132), 460\u2013471 (2010)","journal-title":"Proc. VLDB Endow."},{"key":"210_CR45","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In: SOSP\u201907: Proceedings of 21st ACM Symposium on Operating Systems Principles, Stevenson (2007)","DOI":"10.1145\/1294261.1294294"},{"key":"210_CR46","doi-asserted-by":"crossref","unstructured":"Singh, A., Korupolu, Aameek M., Mohapatra, D.: Server-storage virtualization: integration and load balancing in data centers. In: Proceedings of 2008 ACM\/IEEE Conference on Supercomputing, Austin (2008)","DOI":"10.1109\/SC.2008.5222625"},{"key":"210_CR47","volume-title":"TCP\/IP Illustrated: The Protocols","author":"WR Stevens","year":"1993","unstructured":"Stevens, W.R.: TCP\/IP Illustrated: The Protocols, vol. 1. Addison-Wesley Longman Publishing Co. Inc., Boston (1993)"},{"key":"210_CR48","doi-asserted-by":"crossref","unstructured":"Varadarajan, V., Kooburat, T., Farley, B., Ristenpart, T., Swift, M.M.: Resource-freeing attacks: improve your cloud performance (at Your Neighbor\u2019s Expense). In: Proceedings of 2012 ACM Conference on Computer and Communications Security, Raleigh (2012)","DOI":"10.1145\/2382196.2382228"},{"key":"210_CR49","unstructured":"VMSA-2008-0008. Updates to VMware workstation, VMware player, VMware ACE, VMware fusion resolve critical security issues. http:\/\/www.vmware.com\/security\/advisories\/VMSA-2008-0008.html"},{"key":"210_CR50","doi-asserted-by":"crossref","unstructured":"Wang, X., Chen, S., Jajodia, S.: Network flow watermarking attack on low-latency anonymous communication systems. In: Proceedings of 2007 IEEE Symposium on Security and Privacy, Oakland (2007)","DOI":"10.1109\/SP.2007.30"},{"key":"210_CR51","doi-asserted-by":"crossref","unstructured":"Wang, X., Reeves, D.S.: Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays. In: Proceedings of 10th ACM Conference on Computer and Communications Security, CCS \u201903, New York, pp. 20\u201329. ACM (2003)","DOI":"10.1145\/948109.948115"},{"key":"210_CR52","doi-asserted-by":"crossref","unstructured":"Whiteaker, J., Schneider, F., Teixeira, R.: Explaining packet delays under virtualization. SIGCOMM Comput. Commun. Rev. 41: 38\u201344 (2011)","DOI":"10.1145\/1925861.1925867"},{"key":"210_CR53","unstructured":"Wood, T., Shenoy, P., Venkataramani, A., Yousif, M.: Black-box and gray-box strategies for virtual machine migration In: Proceedings of 4th USENIX Conference on Networked Systems Design and Implementation, Cambridge (2007)"},{"key":"210_CR54","doi-asserted-by":"crossref","unstructured":"Xu, Y., Bailey, M., Jahanian, F., Joshi, K., Hiltunen, M., Schlichting R.: An exploration of L2 cache covert channels in virtualized environments. In: Proceedings of 3rd ACM Workshop on Cloud Computing, Security (CCSW\u201911) (2011)","DOI":"10.1145\/2046660.2046670"},{"key":"210_CR55","unstructured":"Yao, Y.: Network speed test (IPerf) in KVM (Virtio-net, emulated, vt-d). http:\/\/vmstudy.blogspot.com\/2010\/04\/network-speed-test-iperf-in-kvm-virtio.html (2004)"},{"key":"210_CR56","doi-asserted-by":"crossref","unstructured":"Yu, W., Fu, X., Graham, S., Xuan, D., Zhao, W.: DSSS-based flow marking technique for invisible traceback. In: Proceedings of 2007 IEEE Symposium on Security and Privacy (2007)","DOI":"10.1109\/SP.2007.14"},{"key":"210_CR57","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Juels, A., Oprea, A., Reiter, M.K.: HomeAlone: Co-Residency Detection in the Cloud via Side-Channel Analysis. In: Proceedings of 2011 IEEE Symposium on Security and Privacy, Berkeley (2011)","DOI":"10.1109\/SP.2011.31"},{"key":"210_CR58","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Juels, A., Reiter, M.K., Reiter, M., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of 2012 ACM Conference on Computer and Communications Security, Raleigh (2012)","DOI":"10.1145\/2382196.2382230"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-013-0210-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10207-013-0210-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-013-0210-0","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,7,27]],"date-time":"2019-07-27T18:38:35Z","timestamp":1564252715000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10207-013-0210-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,10,2]]},"references-count":58,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2014,4]]}},"alternative-id":["210"],"URL":"https:\/\/doi.org\/10.1007\/s10207-013-0210-0","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,10,2]]}}}