Stalling Live Migrations on the Cloud

Live migration is commonly employed by cloud providers for performance reasons (e.g., ensuring load balancing). Recently, migration has been considered as a countermeasure against cloud-based side-channel attacks. In this paper, we discover an attack using which an adversary can effectively stall a live migration; this can not only hurt performance but also hurt the usage of virtual machine (VM) migration as a defense against cloudbased side channel attacks. Specifically, we discover a KVM vulnerability which, if exploited by a co-resident attacker, can suspend or stall the live migration time by up to 3x in some scenarios. The attacker can also delay her own VM migration, indefinitely to ensure sustained co-residency. The attacks that we propose are essentially based on increasing the volume of dirty pages and creating bus contention, leading to delaying the migration process. We show that this approach does not cause significant interference to side channel attacks such as the Flush+reload attack, which the attacker can continue to carry out in parallel. In fact, the success rates of the Flush+reload can increase by about 100 % (when the defender invokes migrations), if a stalling attack is simultaneously launched.