MeMoir: A Software-Driven Covert Channel based on Memory Usage

Jeferson Gonzalez-Gomez, Jose Alejandro Ibarra-Campos, Jesus Yamir Sandoval-Morales, Lars Bauer, Jörg Henkel
2024-09-20
Abstract: Covert channel attacks have been continuously studied as severe threats to modern computing systems. Software-based covert channels are a typically hard-to-detect branch of these attacks, since they leverage virtual resources to establish illegitimate communication between malicious actors. In this work, we present MeMoir: a novel software-driven covert channel that, for the first time, utilizes memory usage as the medium for the channel. We implemented the new covert channel on two real-world platforms with different architectures: a general-purpose Intel x86-64-based desktop computer and an ARM64-based embedded system. Our results show that our new architecture- and hardware-agnostic covert channel is effective and achieves moderate transmission rates with very low error. Moreover, we present a real use-case for our attack where we were able to communicate information from a Hyper-V virtualized environment to a Windows 11 host system. In addition, we implement a machine learning-based detector that can predict whether an attack is present in the system with an accuracy of more than 95% with low false positive and false negative rates by monitoring the use of system memory. Finally, we introduce a noise-based countermeasure that effectively mitigates the attack while inducing a low power overhead in the system compared to other normal applications.
Cryptography and Security, Machine Learning
What problem does this paper attempt to address?
This paper addresses the security threat posed by software-driven covert channels in modern computing systems. Specifically, the authors propose MeMoir, a new software-driven covert channel based on memory usage, and explore its implementation, detection, and mitigation.

### Main problems

1. **Security threats of covert channels**: A covert channel is a hidden communication method that can secretly send data between different modules in a computer system or network. Such attacks take advantage of vulnerabilities in hardware and software to create communication media that are difficult for ordinary users to detect.
2. **Limitations of existing covert channels**: Most existing covert channels rely on physical resources (such as CPU/GPU temperature, FPGA power, etc.). Although these resources are effective, they are easy to detect and mitigate. In contrast, covert channels based on virtual resources (such as memory usage) are more difficult to detect.

### Specific problems of MeMoir

- **Covert channel based on memory usage**: MeMoir transmits information by adjusting memory usage, creating periodic memory allocation and release patterns to encode messages. This method does not have an obvious physical impact on the system, so it is difficult to detect.
- **Cross-platform implementation**: This covert channel has been implemented on platforms with different architectures, including Intel x86-64 desktop computers and ARM64 embedded systems, demonstrating its architecture-independence and hardware-independence.
- **Practical application scenarios**: The authors show how to pass information from a virtual machine to a host system through the Hyper-V virtualization environment, verifying the feasibility of this covert channel in practical applications.
- **Detection and mitigation**: To deal with this new type of covert channel, the authors have developed a detection technique based on machine learning and proposed mitigation measures based on noise generation to effectively prevent attacks.

### Formula presentation

Some formulas are involved in describing the working principle of the covert channel, for example:

- **Signal representation**:

  \[ t_p = t_h + t_l \]

  where \(t_p\) is the time required to send a pulse, \(t_h\) is the signal rise time (i.e., the time when the total system memory usage increases), and \(t_l\) is the time when the signal returns to a low value.

- **Memory usage calculation**:

  \[ \text{mem\_used} = \text{mem\_total} - \text{mem\_free} - \text{buffers} - \text{cache} \]

- **Binary classification**:

  \[ S_i = \begin{cases} 1, & \text{if } A_i \geq A_0(f_t) \\ 0, & \text{if } A_i < A_0(f_t) \end{cases} \]

  where \(A_i\) is the amplitude of the \(i\)-th sample, and \(A_0(f_t)\) is a predefined threshold.

By solving these problems, this paper not only reveals a new type of covert-channel attack method, but also provides effective solutions for detecting and mitigating such attacks.
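From a monitoring point of view, the memory-usage and binary-classification formulas above can be applied to `/proc/meminfo` snapshots to check whether used memory is pulsing at a near-constant period \(t_p\). The following is an added example, not code from the paper and not its machine-learning detector; the midpoint threshold standing in for \(A_0(f_t)\), the jitter heuristic, all function names, and the sample traces are assumptions constructed for illustration.

```python
import statistics

def mem_used_kb(meminfo_text):
    """mem_used = mem_total - mem_free - buffers - cache, from /proc/meminfo text (kB)."""
    fields = {}
    for line in meminfo_text.splitlines():
        key, _, rest = line.partition(":")
        parts = rest.split()
        if parts and parts[0].isdigit():
            fields[key.strip()] = int(parts[0])
    return fields["MemTotal"] - fields["MemFree"] - fields["Buffers"] - fields["Cached"]

def binarize(samples, threshold):
    """S_i = 1 if A_i >= threshold, else 0."""
    return [1 if a >= threshold else 0 for a in samples]

def pulse_periods(bits):
    """Sample counts between successive rising edges, i.e. one t_p per pulse."""
    edges = [i for i in range(1, len(bits)) if bits[i - 1] == 0 and bits[i] == 1]
    return [b - a for a, b in zip(edges, edges[1:])]

def looks_periodic(samples, min_pulses=4, max_jitter=0.1):
    """Assumed heuristic: flag a trace whose pulse periods are nearly constant."""
    threshold = (min(samples) + max(samples)) / 2  # assumed stand-in for A_0(f_t)
    periods = pulse_periods(binarize(samples, threshold))
    if len(periods) < min_pulses:
        return False
    return statistics.pstdev(periods) / statistics.mean(periods) <= max_jitter

def snapshot(free_kb):
    """Constructed /proc/meminfo excerpt; only MemFree varies between samples."""
    return (f"MemTotal: 16000000 kB\nMemFree: {free_kb} kB\n"
            "Buffers: 200000 kB\nCached: 3000000 kB\n")

def trace(pattern):
    """Constructed trace: '1' = high usage (less free memory), '0' = baseline."""
    return [mem_used_kb(snapshot(8000000 if c == "1" else 9000000)) for c in pattern]

PULSED = trace("01100" * 6)                          # regular pulse train
IRREGULAR = trace("010000110100000001001110000010")  # bursty, uneven workload

if __name__ == "__main__":
    for name, samples in (("pulsed", PULSED), ("irregular", IRREGULAR)):
        print(name, "periodic pulses:", looks_periodic(samples))
```

On a live Linux host the same `mem_used_kb` function accepts the contents of `/proc/meminfo` read at a fixed sampling interval.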