Research Article

Leveraging KVM Events to Detect Cache-Based Side Channel Attacks in a Virtualization Environment

Figure 2

A snapshot example of trace-cmd output for KVM events. The preprocessing procedure to transform the text format into a vector input is explained in Section 5.2. (a) Process name. (b) Process/thread ID. (c) CPU ID. (d) Timestamps. (e) KVM event name. (f) KVM event information. (g) An example of one KVM_exit event and its exit reason. In this case we log the reason attribute. (h) An example of one KVM exit session that we used as one data (sequence) type. (i) An example of two sequences that belong to one sequence type.
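The fields labelled (a) to (i) in the caption can be pulled out of the text report with a short parser. This is an added example, not code from the article: the sample lines are constructed, and the session rule (a kvm_exit opens a session that runs until the same thread's next kvm_exit) is an assumption, because Section 5.2 is not reproduced on this page.

```python
import re
from collections import Counter

# (a) process name, (b) PID, (c) CPU, (d) timestamp, (e) event name, (f) event info
LINE_RE = re.compile(
    r"^\s*(?P<comm>.+)-(?P<pid>\d+)\s+\[(?P<cpu>\d+)\]\s+"
    r"(?P<ts>\d+\.\d+):\s+(?P<event>\w+):\s*(?P<info>.*)$"
)
REASON_RE = re.compile(r"\breason\s+(\S+)")  # (g) exit reason inside the info field

# Constructed sample in the layout of a trace-cmd text report (not data from the paper).
SAMPLE = """\
cpus=4
 qemu-system-x86-2145  [003]  5120.100001: kvm_exit:  reason EXTERNAL_INTERRUPT rip 0xffffffff8105f0a6 info 0 800000ef
 qemu-system-x86-2145  [003]  5120.100009: kvm_entry: vcpu 0
 qemu-system-x86-2145  [003]  5120.100050: kvm_exit:  reason MSR_WRITE rip 0xffffffff8105f0f4 info 0 0
 qemu-system-x86-2145  [003]  5120.100052: kvm_apic:  apic_write APIC_TMICT = 0x3e8
 qemu-system-x86-2145  [003]  5120.100053: kvm_msr:   msr_write 838 = 0x3e8
 qemu-system-x86-2145  [003]  5120.100060: kvm_entry: vcpu 0
 qemu-system-x86-2146  [001]  5120.100071: kvm_exit:  reason EXTERNAL_INTERRUPT rip 0xffffffff8105f0a6 info 0 800000ef
 qemu-system-x86-2146  [001]  5120.100080: kvm_entry: vcpu 1
"""

def parse_line(line):
    """Return the caption's fields for one report line, or None for non-event lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"], rec["cpu"], rec["ts"] = int(rec["pid"]), int(rec["cpu"]), float(rec["ts"])
    reason = REASON_RE.search(rec["info"]) if rec["event"] == "kvm_exit" else None
    rec["reason"] = reason.group(1) if reason else None
    return rec

def exit_sessions(text):
    """(h) Group events per thread into sessions that each start at a kvm_exit (assumed rule)."""
    open_by_pid, done = {}, []
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["event"] == "kvm_exit":
            if rec["pid"] in open_by_pid:  # the previous session of this thread ends here
                done.append(tuple(open_by_pid.pop(rec["pid"])))
            open_by_pid[rec["pid"]] = [f"kvm_exit:{rec['reason']}"]
        elif rec["pid"] in open_by_pid:  # events before a thread's first exit are dropped
            open_by_pid[rec["pid"]].append(rec["event"])
    done.extend(tuple(s) for s in open_by_pid.values())
    return done

def sequence_types(text):
    """(i) Count how many sessions share each distinct event sequence."""
    return Counter(exit_sessions(text))
```

Keying sessions by thread ID keeps interleaved vCPU threads from being merged into one sequence when the report mixes lines from several CPUs.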