DOI: 10.1109/MICRO.2014.42

CC-Hunter: Uncovering Covert Timing Channels on Shared Processor Hardware

Published: 13 December 2014

Abstract

As we increasingly rely on computers to process and manage our personal data, safeguarding sensitive information from malicious hackers is a fast-growing concern. Among many forms of information leakage, covert timing channels operate by establishing an illegitimate communication channel between two processes and through transmitting information via timing modulation, thereby violating the underlying system's security policy. Recent studies have shown the vulnerability of popular computing environments, such as cloud computing, to these covert timing channels. In this work, we propose a new microarchitecture-level framework, CC-Hunter, that detects the possible presence of covert timing channels on shared hardware. Our experiments demonstrate that CC-Hunter is able to successfully detect different types of covert timing channels at varying bandwidths and message patterns.

Published In

MICRO-47: Proceedings of the 47th Annual IEEE/ACM International Symposium on Microarchitecture
December 2014
697 pages
ISBN: 9781479969982

Publisher

IEEE Computer Society

United States

Author Tags

  1. Algorithms
  2. Covert timing channels
  3. Detection
  4. Shared hardware

Qualifiers

  • Tutorial
  • Research
  • Refereed limited

Conference

MICRO-47
Acceptance Rates

MICRO-47 Paper Acceptance Rate 53 of 279 submissions, 19%;
Overall Acceptance Rate 484 of 2,242 submissions, 22%

Cited By

  • (2024) On The Effect of Replacement Policies on The Security of Randomized Cache Architectures. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pp. 483-497. DOI: 10.1145/3634737.3637677. Online publication date: 1-Jul-2024
  • (2023) CLEPSYDRACACHE. Proceedings of the 32nd USENIX Conference on Security Symposium, pp. 1991-2008. DOI: 10.5555/3620237.3620349. Online publication date: 9-Aug-2023
  • (2022) Microarchitectural Attacks in Heterogeneous Systems: A Survey. ACM Computing Surveys 55:7, pp. 1-40. DOI: 10.1145/3544102. Online publication date: 15-Dec-2022
  • (2022) Fast, Robust and Accurate Detection of Cache-Based Spectre Attack Phases. Proceedings of the 41st IEEE/ACM International Conference on Computer-Aided Design, pp. 1-9. DOI: 10.1145/3508352.3549330. Online publication date: 30-Oct-2022
  • (2021) Streamline: a fast, flushless cache covert-channel attack by enabling asynchronous collusion. Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 1077-1090. DOI: 10.1145/3445814.3446742. Online publication date: 19-Apr-2021
  • (2021) Leaky buddies. Proceedings of the 48th Annual International Symposium on Computer Architecture, pp. 972-984. DOI: 10.1109/ISCA52012.2021.00080. Online publication date: 14-Jun-2021
  • (2020) Exploring Branch Predictors for Constructing Transient Execution Trojans. Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 667-682. DOI: 10.1145/3373376.3378526. Online publication date: 9-Mar-2020
  • (2019) Cyclone. Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture, pp. 57-72. DOI: 10.1145/3352460.3358273. Online publication date: 12-Oct-2019
  • (2019) GPUGuard. Proceedings of the ACM International Conference on Supercomputing, pp. 497-509. DOI: 10.1145/3330345.3330389. Online publication date: 26-Jun-2019
  • (2019) EraseMe. Proceedings of the 2019 Great Lakes Symposium on VLSI, pp. 319-322. DOI: 10.1145/3299874.3318027. Online publication date: 13-May-2019
