Saved in:
Bibliographic Details
Main Authors: Kim, Daewoo, Liu, Sihang
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2601.15632
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909997760249856
author Kim, Daewoo
Liu, Sihang
author_facet Kim, Daewoo
Liu, Sihang
contents Virtualization is widely adopted in cloud systems to manage resource sharing among users. A virtualized environment usually deploys a virtual switch within the host system to enable virtual machines to communicate with each other and with the physical network. The Open vSwitch (OVS) is one of the most popular software-based virtual switches. It maintains a cache hierarchy to accelerate packet forwarding from the host to virtual machines. We characterize the caching system inside OVS from a security perspective and identify three attack primitives. Based on the attack primitives, we present three remote attacks via OVS, breaking the isolation in virtualized environments. First, we identify remote covert channels using different caches. Second, we present a novel header recovery attack that leaks a remote user's packet header fields, breaking the confidentiality guarantees from the system. Third, we demonstrate a remote packet rate monitoring attack that recovers the packet rate of a remote victim. To defend against these attacks, we also discuss and evaluate mitigation solutions.
format Preprint
id arxiv_https___arxiv_org_abs_2601_15632
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Side-Channel Attacks on Open vSwitch
Kim, Daewoo
Liu, Sihang
Cryptography and Security
Virtualization is widely adopted in cloud systems to manage resource sharing among users. A virtualized environment usually deploys a virtual switch within the host system to enable virtual machines to communicate with each other and with the physical network. The Open vSwitch (OVS) is one of the most popular software-based virtual switches. It maintains a cache hierarchy to accelerate packet forwarding from the host to virtual machines. We characterize the caching system inside OVS from a security perspective and identify three attack primitives. Based on the attack primitives, we present three remote attacks via OVS, breaking the isolation in virtualized environments. First, we identify remote covert channels using different caches. Second, we present a novel header recovery attack that leaks a remote user's packet header fields, breaking the confidentiality guarantees from the system. Third, we demonstrate a remote packet rate monitoring attack that recovers the packet rate of a remote victim. To defend against these attacks, we also discuss and evaluate mitigation solutions.
title Side-Channel Attacks on Open vSwitch
topic Cryptography and Security
url https://arxiv.org/abs/2601.15632