{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,4]],"date-time":"2026-03-04T08:39:24Z","timestamp":1772613564395,"version":"3.50.1"},"reference-count":54,"publisher":"Springer Science and Business Media LLC","issue":"3-4","license":[{"start":{"date-parts":[[2019,2,14]],"date-time":"2019-02-14T00:00:00Z","timestamp":1550102400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Ann. Telecommun."],"published-print":{"date-parts":[[2019,4]]},"DOI":"10.1007\/s12243-019-00703-z","type":"journal-article","created":{"date-parts":[[2019,2,14]],"date-time":"2019-02-14T03:44:49Z","timestamp":1550115889000},"page":"197-209","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":27,"title":["Isolation in cloud computing infrastructures: new security challenges"],"prefix":"10.1007","volume":"74","author":[{"given":"Mohammad-Mahdi","family":"Bazm","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marc","family":"Lacoste","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mario","family":"S\u00fcdholt","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jean-Marc","family":"Menaud","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,2,14]]},"reference":[{"issue":"239","key":"703_CR1","first-page":"2","volume":"2014","author":"D Merkel","year":"2014","unstructured":"Merkel D (2014) Docker: lightweight Linux containers for consistent development and deployment. Linux Journal 2014(239):2","journal-title":"Linux Journal"},{"issue":"4","key":"703_CR2","doi-asserted-by":"publisher","first-page":"461","DOI":"10.1145\/2499368.2451167","volume":"48","author":"A Madhavapeddy","year":"2013","unstructured":"Madhavapeddy A, Mortier R, Rotsos C, Scott D, Singh B, Gazagnaire T, Smith S, Hand S, Crowcroft J (2013) Unikernels: library operating systems for the cloud. ACM SIGPLAN Not 48(4):461\u2013472","journal-title":"ACM SIGPLAN Not"},{"key":"703_CR3","doi-asserted-by":"crossref","unstructured":"Bazm MM, Lacoste M, S\u00fcdholt M, Menaud JM (2017) Side-channels beyond the cloud edge: new isolation threats and solutions. In Cyber Security in Networking Conference (CSNet), 2017 1st (pp. 1\u20138). IEEE","DOI":"10.1109\/CSNET.2017.8241986"},{"key":"703_CR4","unstructured":"Costan V, Devadas S (2016) Intel SGX explained. IACR Cryptology ePrint Archive 2016(086):1\u2013118"},{"key":"703_CR5","doi-asserted-by":"crossref","unstructured":"Schwarz M, Weiser S, Gruss D, Maurice C, Mangard S (2017) Malware guard extension: Using SGX to conceal cache attacks. In international conference on detection of intrusions and malware, and vulnerability assessment. Springer, Cham, pp 3\u201324","DOI":"10.1007\/978-3-319-60876-1_1"},{"key":"703_CR6","doi-asserted-by":"crossref","unstructured":"Kocher Paul et al (J2018), \u201cSpectre attacks: exploiting speculative execution\u201d, ArXiv e-prints","DOI":"10.1109\/SP.2019.00002"},{"key":"703_CR7","volume-title":"\u201cPrime+ abort: a timer-free high-precision l3 cache attack using intel TSX.\u201d 26th USENIX Security Symposium","author":"C Disselkoen","year":"2017","unstructured":"Disselkoen C et al (2017) \u201cPrime+ abort: a timer-free high-precision l3 cache attack using intel TSX.\u201d 26th USENIX Security Symposium. USENIX Security 17, Vancouver"},{"issue":"3","key":"703_CR8","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1145\/2366231.2337172","volume":"40","author":"J Demme","year":"2012","unstructured":"Demme J, Martin R, Waksman A, Sethumadhavan S (2012) SideChannel vulnerability factor: a metric for measuring information leakage. ACM SIGARCH Computer Architecture News 40(3):106\u2013117","journal-title":"ACM SIGARCH Computer Architecture News"},{"key":"703_CR9","unstructured":"Arcangeli A, Eidus I, Wright C (2009) Increasing memory density by using KSM. In Proceedings of the linux symposium (pp. 19\u201328)"},{"key":"703_CR10","doi-asserted-by":"crossref","unstructured":"Suzaki K, Iijima K, Yagi T, Artho C (2011) Memory deduplication as a threat to the guest OS. In Proceedings of the Fourth European Workshop on System Security (p. 1). ACM","DOI":"10.1145\/1972551.1972552"},{"key":"703_CR11","unstructured":"Apecechea GI, Eisenbarth T, Sunar B (2014) Jackpot stealing information from large caches via huge pages, Cryptology ePrint Archive 2014\/970"},{"key":"703_CR12","doi-asserted-by":"crossref","unstructured":"Wei\u00df M, Heinz B, Stumpf F (2012) A cache timing attack on AES in virtualization environments. In: in International Conference on Financial Cryptography and Data Security. Springer, pp 314\u2013328","DOI":"10.1007\/978-3-642-32946-3_23"},{"key":"703_CR13","doi-asserted-by":"crossref","unstructured":"Ac\u0131i\u00e7mez O, Schindler W, Ko\u00e7 \u00c7K (2007) Cache based remote timing attack on the AES. In Cryptographers\u2019 Track at the RSA Conference (pp. 271-286). Springer, Berlin","DOI":"10.1007\/11967668_18"},{"key":"703_CR14","doi-asserted-by":"crossref","unstructured":"Tsunoo Y, Saito T, Suzaki T, Shigeri M, Miyauchi H (2003) Cryptanalysis of DES implemented on computers with cache. In: International Workshop on Cryptographic Hardware and Embedded Systems. Springer, pp 62\u201376","DOI":"10.1007\/978-3-540-45238-6_6"},{"key":"703_CR15","doi-asserted-by":"crossref","unstructured":"Gruss D, Maurice C, Wagner K, & Mangard S (2016) Flush+ Flush: a fast and stealthy cache attack. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 279-299). Springer, Cham","DOI":"10.1007\/978-3-319-40667-1_14"},{"key":"703_CR16","unstructured":"Yarom Y, Falkner K (2014) FLUSH+ RELOAD: a high resolution, low noise, L3 cache sidechannel Attack. In USENIX Security Symposium (Vol. 1, pp. 22\u201325)"},{"key":"703_CR17","doi-asserted-by":"crossref","unstructured":"Acii\u00e7mez O, Ko\u00e7 \u00c7K (2006) Trace-driven cache attacks on AES (short paper). In : International Conference on Information and Communications Security. Springer, Berlin, p 112\u2013121","DOI":"10.1007\/11935308_9"},{"key":"703_CR18","unstructured":"Gallais J-F, Kizhvatov I, Tunstall M (2010) Improved trace-driven cachecollision attacks against embedded AES implementations. In : International Workshop on Information Security Applications. Springer, Berlin, p 243\u2013257"},{"key":"703_CR19","doi-asserted-by":"crossref","unstructured":"Ristenpart T, Tromer E, Shacham H et al (2009) Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In : Proceedings of the 16th ACM conference on Computer and communications security. ACM, p 199\u2013212","DOI":"10.1145\/1653662.1653687"},{"key":"703_CR20","doi-asserted-by":"crossref","unstructured":"Spreitzer R, Plos T (2013) Cache-access pattern attack on disaligned aes t-tables. In: International Workshop on Constructive Side-Channel Analysis and Secure Design. Springer, Berlin, p 200\u2013214","DOI":"10.1007\/978-3-642-40026-1_13"},{"key":"703_CR21","unstructured":"Lipp M, Schwarz M, Gruss D et al (2018) Meltdown: reading kernel memory from user space. In : 27th {USENIX} Security Symposium ({USENIX} Security 18). p 973\u2013990"},{"key":"703_CR22","doi-asserted-by":"crossref","unstructured":"Zhang W, Jia X, Wang C, Zhang S, Huang Q, Wang M, Liu P (2016) A comprehensive study of co-residence threat in multi-tenant public paas clouds. In International Conference on Information and Communications Security (pp. 361\u2013375). Springer, Cham","DOI":"10.1007\/978-3-319-50011-9_28"},{"key":"703_CR23","doi-asserted-by":"crossref","unstructured":"Delimitrou C, Kozyrakis C (2017) Bolt: I know what you did last summer... in the cloud. In: ACM SIGARCH Computer Architecture News. ACM, p 599\u2013613","DOI":"10.1145\/3037697.3037703"},{"key":"703_CR24","unstructured":"Varadarajan V, Zhang Y, Ristenpart T, Swift MM (2015) A placement vulnerability study in multi-tenant public clouds. In USENIX Security Symposium (pp. 913\u2013928)"},{"key":"703_CR25","doi-asserted-by":"crossref","unstructured":"Payer M (2016) HexPADS: a platform to detect \u201cstealth\u201d attacks. In : International Symposium on Engineering Secure Software and Systems. Springer, Cham, p 138\u2013154","DOI":"10.1007\/978-3-319-30806-7_9"},{"key":"703_CR26","doi-asserted-by":"crossref","unstructured":"Zhang T, Zhang Y, Lee RB (2016) Cloudradar: a real-time side-channel attack detection system in clouds. In : International Symposium on Research in Attacks, Intrusions, and Defenses. Springer, Cham, p 118\u2013140","DOI":"10.1007\/978-3-319-45719-2_6"},{"key":"703_CR27","doi-asserted-by":"publisher","first-page":"1162","DOI":"10.1016\/j.asoc.2016.09.014","volume":"49","author":"M Chiappetta","year":"2016","unstructured":"Chiappetta M, Savas E, Yilmaz C (2016) Real time detection of cache-based side-channel attacks using hardware performance counters. Appl Soft Comput 49:1162\u20131174","journal-title":"Appl Soft Comput"},{"key":"703_CR28","doi-asserted-by":"publisher","DOI":"10.1109\/FMEC.2018.8364038","volume-title":"Cache-based side-channel attacks detection through Intel Cache Monitoring Technology and Hardware Performance Counters","author":"M-M Bazm","year":"2018","unstructured":"Bazm M-M, Sautereau T, Lacoste M, S\u00fcdholt M, Menaud J-M (2018) Cache-based side-channel attacks detection through Intel Cache Monitoring Technology and Hardware Performance Counters. 3rd IEEE International Conference on Fog and Mobile Edge Computing (FMEC), Barcelona"},{"key":"703_CR29","unstructured":"Intel\u2019s Cache Monitoring Technology: Use models and data, \n                    https:\/\/software.intel.com\/enus\/blogs\/2014\/12\/11\/intels-cache-monitoring-technology-use-models-and-data\n                    \n                  , 2014"},{"key":"703_CR30","unstructured":"Gopal V, Guilford J, Ozturk E, Feghali W, Wolrich G, Dixon M (2009) Fast and constant-time implementation of modular exponentiation. Embedded Systems and Communications Security, Niagara Falls, NY, US"},{"key":"703_CR31","doi-asserted-by":"crossref","unstructured":"Rivain M, Prouff E (2010) Provably secure higher-order masking of AES. In: International Workshop on Cryptographic Hardware and Embedded Systems. Springer, pp 413\u2013427","DOI":"10.1007\/978-3-642-15031-9_28"},{"key":"703_CR32","volume-title":"Topics in cryptology \u2013 CT-RSA 2006. CT-RSA 2006. Lecture notes in computer science","author":"DA Osvik","year":"2006","unstructured":"Osvik DA, Shamir A, Tromer E (2006) Cache attacks and countermeasures: the case of AES. In: Pointcheval D (ed) Topics in cryptology \u2013 CT-RSA 2006. CT-RSA 2006. Lecture notes in computer science, vol 3860. Springer, Berlin"},{"issue":"2","key":"703_CR33","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1016\/j.entcs.2005.10.031","volume":"153","author":"G Barthe","year":"2006","unstructured":"Barthe G, Rezk T, Warnier M (2006) Preventing timing leaks through transactional branching instructions. Electronic Notes in Theoretical Computer Science 153(2):33\u201355","journal-title":"Electronic Notes in Theoretical Computer Science"},{"issue":"4","key":"703_CR34","first-page":"23","volume":"8","author":"JV Cleemput","year":"2012","unstructured":"Cleemput JV, Coppens B, De Sutter B (2012) Compiler mitigations for time attacks on modern x86 processors. ACM Transactions on Architecture and Code Optimization (TACO) 8(4):23","journal-title":"ACM Transactions on Architecture and Code Optimization (TACO)"},{"key":"703_CR35","doi-asserted-by":"crossref","unstructured":"Coppens B, Verbauwhede I, De Bosschere K, De Sutter B (2009) Practical mitigations for timing-based side-channel attacks on modern x86 processors. In: 30th IEEE Symposium on Security and Privacy. IEEE, pp 45\u201360","DOI":"10.1109\/SP.2009.19"},{"key":"703_CR36","doi-asserted-by":"crossref","unstructured":"Zhang Y, Reiter MK (2013) D\u00fcppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud. In : Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM, p 827\u2013838","DOI":"10.1145\/2508859.2516741"},{"key":"703_CR37","unstructured":"Kim T, Peinado M, Mainar-Ruiz G (2012) STEALTHMEM: system-level protection against cache-based side channel attacks in the cloud. In : Proceedings of the 21st USENIX conference on Security symposium. USENIX Association, p 11\u201311"},{"key":"703_CR38","doi-asserted-by":"crossref","unstructured":"Gens D, Arias O, Sullivan D, Liebchen C, Jin Y, Sadeghi AR (2017) LAZARUS: practical side-channel resilient kernel-space randomization. In International Symposium on Research in Attacks, Intrusions, and Defenses (pp. 238\u2013258). Springer, Cham","DOI":"10.1007\/978-3-319-66332-6_11"},{"key":"703_CR39","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/978-3-319-62105-0_11","volume-title":"International Symposium on Engineering Secure Software and Systems","author":"D Gruss","year":"2017","unstructured":"Gruss D, Lipp M, Schwarz M, Fellner R, Maurice C, Mangard S (2017) KASLR is dead: long live KASLR. In: International Symposium on Engineering Secure Software and Systems. Springer, Cham, pp 161\u2013176"},{"key":"703_CR40","doi-asserted-by":"crossref","unstructured":"Zhang Y, Li M, Bai K, Yu M, Zang W (2012) Incentive compatible moving target defense against VM-colocation attacks in clouds. In: IFIP International Information Security Conference. Springer, pp 388\u2013399","DOI":"10.1007\/978-3-642-30436-1_32"},{"key":"703_CR41","unstructured":"Varadarajan V, Ristenpart T, Swift MM (2014) Scheduler-based defenses against cross-vM side-channels. In : USENIX Security Symposium, p 687\u2013702"},{"key":"703_CR42","doi-asserted-by":"crossref","unstructured":"Jin X, Chen H, Wang X, Wang Z, Wen X, Luo Y, Li X (2009) A simple cache partitioning approach in a virtualized environment. In Parallel and Distributed Processing with Applications, 2009 IEEE International Symposium on (pp. 519-524). IEEE","DOI":"10.1109\/ISPA.2009.47"},{"key":"703_CR43","doi-asserted-by":"crossref","unstructured":"Shi J, Song X, Chen H, Zang B (2011) Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring. In Dependable Systems and Networks Workshops (DSN-W), 2011 IEEE\/IFIP 41st International Conference on (pp. 194-199). IEEE","DOI":"10.1109\/DSNW.2011.5958812"},{"key":"703_CR44","doi-asserted-by":"crossref","unstructured":"Vattikonda BC, Das S, Shacham H (2011) Eliminating fine grained timers in Xen. In : Proceedings of the 3rd ACM workshop on Cloud computing security workshop. ACM, p 41\u201346","DOI":"10.1145\/2046660.2046671"},{"key":"703_CR45","doi-asserted-by":"crossref","unstructured":"Zhuang R, Deloach SA, Ou X (2014) Towards a theory of moving target defense. In : Proceedings of the First ACM Workshop on Moving Target Defense. ACM, p 31\u201340","DOI":"10.1145\/2663474.2663479"},{"key":"703_CR46","doi-asserted-by":"crossref","unstructured":"Kong J, Aciicmez O, Seifert JP, Zhou H (2008) Deconstructing new cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 2nd ACM workshop on Computer security architectures (pp. 25\u201334). ACM","DOI":"10.1145\/1456508.1456514"},{"key":"703_CR47","doi-asserted-by":"crossref","unstructured":"Liu F, Ge Q, Yarom Y, Mckeen F, Rozas C, Heiser G, Lee RB (2016) Catalyst: Defeating last-level cache side channel attacks in cloud computing. In High Performance Computer Architecture (HPCA), 2016 IEEE International Symposium on (pp. 406-418). IEEE","DOI":"10.1109\/HPCA.2016.7446082"},{"key":"703_CR48","unstructured":"INTEL, C. A. T (2015) Improving real-time performance by utilizing cache allocation technology. Intel Corporation"},{"key":"703_CR49","doi-asserted-by":"crossref","unstructured":"Wright M, Venkatesan S, Albanese M, Wellman MP (2016) Moving target defense against ddos attacks: An empirical game-theoretic analysis. In Proceedings of the 2016 ACM Workshop on Moving Target Defense (pp. 93\u2013104). ACM","DOI":"10.1145\/2995272.2995279"},{"key":"703_CR50","unstructured":"Moon S-J, Sekar V, Reiter MK (2015) Nomad: mitigating arbitrary cloud side channels via provider-assisted migration. In : Proceedings of the 22nd acm sigsac conference on computer and communications security. ACM, p 1595\u20131606"},{"key":"703_CR51","doi-asserted-by":"crossref","unstructured":"Hermenier F, Lorca X, Menaud JM, Muller G, Lawall J (2009). Entropy: a consolidation manager for clusters. In Proceedings of the 2009 ACM SIGPLAN\/SIGOPS international conference on Virtual execution environments (pp. 41-50). ACM","DOI":"10.1145\/1508293.1508300"},{"issue":"12","key":"703_CR52","doi-asserted-by":"publisher","first-page":"1643","DOI":"10.1002\/cpe.2848","volume":"25","author":"F Quesnel","year":"2013","unstructured":"Quesnel F, Lebre A, S\u00fcdholt M (2013) Cooperative and reactive scheduling in large-scale virtualized platforms with DVMS. Concurrency and Computation: Practice and Experience 25(12):1643\u20131655","journal-title":"Concurrency and Computation: Practice and Experience"},{"key":"703_CR53","doi-asserted-by":"crossref","unstructured":"Mills K, Filliben J, Dabrowski C (2011) Comparing vm-placement algorithms for on-demand clouds. In : Cloud Computing Technology and Science (CloudCom), 2011 IEEE Third International Conference on. IEEE, p 91\u201398","DOI":"10.1109\/CloudCom.2011.22"},{"key":"703_CR54","unstructured":"Denneman F (2016) NUMA deep dive part 5: ESXi VMkernel NUMA constructs, \n                    http:\/\/frankdenneman.nl\/tag\/numa"}],"container-title":["Annals of Telecommunications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s12243-019-00703-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-019-00703-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-019-00703-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,2,13]],"date-time":"2020-02-13T19:25:06Z","timestamp":1581621906000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s12243-019-00703-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,2,14]]},"references-count":54,"journal-issue":{"issue":"3-4","published-print":{"date-parts":[[2019,4]]}},"alternative-id":["703"],"URL":"https:\/\/doi.org\/10.1007\/s12243-019-00703-z","relation":{},"ISSN":["0003-4347","1958-9395"],"issn-type":[{"value":"0003-4347","type":"print"},{"value":"1958-9395","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,2,14]]},"assertion":[{"value":"20 March 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 January 2019","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 February 2019","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}