Yetian Xia,Xiaochao Zi,Lihong Yao,Li Pan,Jianhua Li

DOI: https://doi.org/10.1109/CIS.2012.133

2012-01-01

Abstract:Virtualization technology is the basis of cloud computing. Multiple virtual machines on a single physical host are isolated from each other. However, covert channel breaks the isolation and leaks sensitive information covertly. In this paper, we construct one type of classic covert timing channel, the on/off channel, on the Xen hyper visor using shared memory. And then we evaluate its bit rate and transmission accuracy. The results show that this type of covert channel is a threat to virtualization technology.

Yangwei Li,Qingni Shen,Cong Zhang,Pengfei Sun,Ying Chen,Sihan Qing

DOI: https://doi.org/10.1109/waina.2012.103

2012-01-01

Abstract:The improvement in performance gained by the use of multi-core processors led to security problem. In this paper, we present a new covert channel which we called the "core-alternative channel". This covert channel could exist in most operating systems and virtualization platforms with multi-core processors. We have developed CCCA (Covert Channels using Core-alternation), a prototype that creates a core-alternative channel and communicates data secretly. We discuss how to mitigate and eliminate this channel. We quantitatively evaluate the threat of core-alternative channel both between processes on Linux and between virtual machines on the Xen hyper visor. We also measured the bandwidth and communication accuracy of this covert channel.

JingZheng Wu,Liping Ding,Yongji Wang,Wei Han

DOI: https://doi.org/10.1109/CLOUD.2011.10

2011-01-01

Abstract:Virtualization technology is the basis of cloud computing, and the most important property of virtualization is isolation. Isolation guarantees security between virtual machines. However, covert channel breaks the isolation and leaks sensitive message covertly. In this paper, we formally model the isolation into noninterference, and define that all the transmission channels violating noninterference are covert channels. With this definition, we present an identification method based on information flow. This method first compiles the source code into a more structured equivalent code with LLVM. And then a search algorithm is proposed to obtain the shared resources and the operational processes in the equivalent code. A new covert channel termed sharing memory covert timing channel (SMCTC) is identified from Xen source code. We construct channel scenario for SMCTC, and evaluate its threat with the metrics of channel capacity and transmission accuracy. The results show that SMCTC is much more threatened than CPU load based and cache based covert channels etc.

LU Lianhao,PING Lingdi,PAN Xuezeng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.21.054

2006-01-01

Abstract:The research of covert channel analysis on Tuling SecOS2.0/4 is reported.A new covert channel identification method--modified semantic information flow method is proposed.It has less workload,can directly analyze the source code and exclude the false result,also helps the covert channel handling.It uses this method to identify the cover channels of the Tuling SecOS,computes the bandwidths accurately,and handles the covert channels according to different security policies.The result shows conform to the requirement of Level 4 security operating system in relevant national standards.

Juchuan Zhang,Xiaoyu Ji,Wenyuan Xu,Yi-Chao Chen,Yuting Tang,Gang Qu

DOI: https://doi.org/10.1109/infocom41043.2020.9155386

2020-01-01

Abstract:Air-gapped networks achieve security by using the physical isolation to keep the computers and network from the Internet. However, magnetic covert channels based on CPU utilization have been proposed to help secret data to escape the Faraday-cage and the air-gap. Despite the success of such cover channels, they suffer from the high risk of being detected by the transmitter computer and the challenge of installing malware into such a computer. In this paper, we propose MagView, a distributed magnetic cover channel, where sensitive information is embedded in other data such as video and can be transmitted over the air-gapped internal network. When any computer uses the data such as playing the video, the sensitive information will leak through the magnetic covert channel. The "separation" of information embedding and leaking, combined with the fact that the covert channel can be created on any computer, overcomes these limitations. We demonstrate that CPU utilization for video decoding can be effectively controlled by changing the video frame type and reducing the quantization parameter without video quality degradation. We prototype MagView and achieve up to 8.9 bps throughput with BER as low as 0.0057. Experiments under different environment are conducted to show the robustness of MagView. Limitations and possible countermeasures are also discussed.

Ziye Yang,Ping Chen

DOI: https://doi.org/10.1109/CLOUDCOM-ASIA.2013.62

2013-01-01

Abstract:The weakness of performance isolation in system virtualization leaks a time window for various kinds of attacks which can be leveraged by malicious users to threaten the security of the virtual machines (VMs) atop or construct hidden information channel. In this paper, we propose vLeaker, a practical covert timing channel built on fine-grained VM I/O performance interference, by which VMs co-resident in storage aspect can exchange the information with relatively high transmission speed and low data error rate. We evaluate our vLeaker system on Xen and VMware hypervisor and show that the maximal transmission rate can arrive at 125 bps on our local testbed. Moreover, the effective transmission rate ranges from 72 to 124 bps with average error rate lower than 13% under different configurations.

Zhiming Wang,Jiangxing Wu,Zehua Guo,Guozhen Cheng,Hongchao Hu

DOI: https://doi.org/10.1109/INFCOMW.2016.7562061

2016-01-01

Abstract:Network virtualization is a double-edged sword that facilitates network innovation but may cause information leakage between virtual nodes coexisting on the same substrate node via covert channels. This paper represents the first attempt to consider risk-tolerant coexistence in virtual network embedding. We propose a secure virtual network embedding scheme to mitigate the risk of covert channel attacks. Simulation results show that our scheme improves the percentage of secure virtual nodes by 40%.

Xiaowei Li,Hongxiang Sun,Qiaoyan Wen

DOI: https://doi.org/10.1109/ccis.2012.6664413

2012-01-01

Abstract:Numerous virtual machines have been designed to make full use of the adequate resources and facilitate people's lives. In turn, it results in the necessity of communication between the virtual machines. As we know, the data of communication between the virtual machines which located on the different hosts, could potentially be altered or intercepted during transport. To solve the problem, we design and operation of the transparent encryption-decryption communication mechanism (TEDCM) in the privilege virtual machine, the result suggests that the TEDCM in our paper is a good choice to solve the problem of information leakage.

Rui Yang,Xiao Fu,Xiaojiang Du,Bin Luo

DOI: https://doi.org/10.4108/eai.18-6-2016.2264107

2016-01-01

Abstract:In IaaS (such as Amazon EC2 and Microsoft Azure), several VM (virtual-machine) instances usually run in one physical machine so as to improve resource utilization. However this also caused more attack opportunities. A typical example is a cross-VM timing channel. Recent studies show that this kind of covert channel can successfully steal private information (e.g. private key) from the co-resident VM instances. It brought great challenges to the security of the cloud and has absorbed more and more attention in recent years. But to our knowledge, there is still little work on detecting and investigating such covert channel. Therefore, we propose a behavior-based method to automatically detect and investigate the timing channel. First, in order to record the behavior of this covert channel, a page-level memory monitoring method is designed. Second, an automatic identification algorithm is proposed based on some memory activity signatures. Finally, in order to confirm the result, the memory dump will be obtained and the binary code of the suspicious process will be analyzed. We have implemented a prototype on Xen, and the experimental results show that all of these kinds of attacks can be detected even under the disturbance from normal processes.

Jawad Haj-Yahya,Jeremie S. Kim,A. Giray Yaglikci,Ivan Puddu,Lois Orosa,Juan Gómez Luna,Mohammed Alser,Onur Mutlu

DOI: https://doi.org/10.48550/arXiv.2106.05050

2021-06-09

Distributed, Parallel, and Cluster Computing

Abstract:To operate efficiently across a wide range of workloads with varying power requirements, a modern processor applies different current management mechanisms, which briefly throttle instruction execution while they adjust voltage and frequency to accommodate for power-hungry instructions (PHIs) in the instruction stream. Doing so 1) reduces the power consumption of non-PHI instructions in typical workloads and 2) optimizes system voltage regulators' cost and area for the common use case while limiting current consumption when executing PHIs. However, these mechanisms may compromise a system's confidentiality guarantees. In particular, we observe that multilevel side-effects of throttling mechanisms, due to PHI-related current management mechanisms, can be detected by two different software contexts (i.e., sender and receiver) running on 1) the same hardware thread, 2) co-located Simultaneous Multi-Threading (SMT) threads, and 3) different physical cores. Based on these new observations on current management mechanisms, we develop a new set of covert channels, IChannels, and demonstrate them in real modern Intel processors (which span more than 70% of the entire client and server processor market). Our analysis shows that IChannels provides more than 24x the channel capacity of state-of-the-art power management covert channels. We propose practical and effective mitigations to each covert channel in IChannels by leveraging the insights we gain through a rigorous characterization of real systems.

Xiaoshan Sun,Liang Cheng,Yang Zhang

DOI: https://doi.org/10.1109/icc.2011.5962718

2011-01-01

Abstract:A covert channel is a communication channel that bypasses the access controls of the system, and it is a threat to the system's security. In this paper, we propose a new covert timing channel which exploits the algorithmic complexity vulnerabilities in the name lookup algorithm of the kernel. This covert channel has a high capacity and it is practically exploitable. In our experiments, the data rate reaches 2256 bps under a very low error rate. This data rate is high enough for practical use. So our covert channel is dangerous. To our knowledge, no previous works propose this covert channel nor implement it. We describe our design and implementation of the covert channel on a SELinux system, discuss the subtle issues that arose in the design, present performance data of the covert channel and analyse its capacity.

Shariful Alam,Jidong Xiao,Nasir U. Eisty

2024-04-09

Abstract:Covert channel attacks represent a significant threat to system security, leveraging shared resources to clandestinely transmit information from highly secure systems, thereby violating the system's security policies. These attacks exploit shared resources as communication channels, necessitating resource partitioning and isolation techniques as countermeasures. However, mitigating attacks exploiting modern processors' hardware features to leak information is challenging because successful attacks can conceal the channel's existence. In this paper, we unveil a novel covert channel exploiting the duty cycle modulation feature of modern x86 processors. Specifically, we illustrate how two collaborating processes, a sender and a receiver can manipulate this feature to transmit sensitive information surreptitiously. Our live system implementation demonstrates that this covert channel can achieve a data transfer rate of up to 55.24 bits per second.

Cryptography and Security

Ivan Miketic,Krithika Dhananjay,Emre Salman

DOI: https://doi.org/10.3390/s23042081

IF: 3.9

2023-02-13

Sensors

Abstract:In this paper, first, a broad overview of existing covert channel communication-based security attacks is provided. Such covert channels establish a communication link between two entities that are not authorized to share data. The secret data is encoded into different forms of signals, such as delay, temperature, or hard drive location. These signals and information are then decoded by the receiver to retrieve the secret data, thereby mitigating some of the existing security measures. The important steps of covert channel attacks are described, such as data encoding, communication protocol, data decoding, and models to estimate communication bandwidth and bit error rate. Countermeasures against covert channels and existing covert channel detection techniques are also summarized. In the second part of the paper, the implications of such attacks for emerging packaging technologies, such as 2.5D/3D integration are discussed. Several covert channel threat models for 2.5D/3D ICs are also proposed.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jiahao Cao,Kun Sun,Qi Li,Mingwei Xu,Zijie Yang,Kyung Joon Kwak,Jason Li

DOI: https://doi.org/10.1007/978-3-030-37228-6_21

2019-01-01

Abstract: Software-Defined Networking (SDN) enables diversified network functionalities with plentiful applications deployed on a logically-centralized controller. In order to work properly, applications are naturally provided with much information on SDN. However, this paper shows that malicious applications can exploit basic SDN mechanisms to build covert channels to stealthily leak out valuable information to end hosts, which can bypass network security policies and break physical network isolation. We design two types of covert channels with basic SDN mechanisms. The first type is a high-rate covert channel that exploits SDN proxy mechanisms to transmit covert messages to colluding hosts inside SDN. The second type is a low-rate covert channel that exploits SDN rule expiry mechanisms to transmit covert messages from SDN applications to any host on the Internet. We develop the prototypes of both covert channels in a real SDN testbed consisting of commercial hardware switches and an open source controller. Evaluations show that the covert channels successfully leak out a TLS private key from the controller to a host inside SDN at a rate of 200 bps with 0% bit error rate, or to a remote host on the Internet at a rate of 0.5 bps with less than 3% bit error rate. In addition, we discuss possible countermeasures to mitigate the covert channel attacks.

Dmitrii Ustiugov,Plamen Petrov,M.R. Siavash Katebzadeh,Boris Grot

DOI: https://doi.org/10.48550/arXiv.2006.03854

2020-08-04

Abstract:Recent years have seen a surge in the number of data leaks despite aggressive information-containment measures deployed by cloud providers. When attackers acquire sensitive data in a secure cloud environment, covert communication channels are a key tool to exfiltrate the data to the outside world. While the bulk of prior work focused on covert channels within a single CPU, they require the spy (transmitter) and the receiver to share the CPU, which might be difficult to achieve in a cloud environment with hundreds or thousands of machines. This work presents Bankrupt, a high-rate highly clandestine channel that enables covert communication between the spy and the receiver running on different nodes in an RDMA network. In Bankrupt, the spy communicates with the receiver by issuing RDMA network packets to a private memory region allocated to it on a different machine (an intermediary). The receiver similarly allocates a separate memory region on the same intermediary, also accessed via RDMA. By steering RDMA packets to a specific set of remote memory addresses, the spy causes deep queuing at one memory bank, which is the finest addressable internal unit of main memory. This exposes a timing channel that the receiver can listen on by issuing probe packets to addresses mapped to the same bank but in its own private memory region. Bankrupt channel delivers 74Kb/s throughput in CloudLab's public cloud while remaining undetectable to the existing monitoring capabilities, such as CPU and NIC performance counters.

Cryptography and Security

Aastha Mehta,Mohamed Alzayat,Roberta de Viti,Björn B. Brandenburg,Peter Druschel,Deepak Garg

DOI: https://doi.org/10.48550/arXiv.1908.11568

2022-02-18

Abstract:Network side channels (NSCs) leak secrets through packet timing and packet sizes. They are of particular concern in public IaaS Clouds, where any tenant may be able to colocate and indirectly observe a victim's traffic shape. We present Pacer, the first system that eliminates NSC leaks in public IaaS Clouds end-to-end. It builds on the principled technique of shaping guest traffic outside the guest to make the traffic shape independent of secrets by design. However, Pacer also addresses important concerns that have not been considered in prior work -- it prevents internal side-channel leaks from affecting reshaped traffic, and it respects network flow control, congestion control and loss recovery signals. Pacer is implemented as a paravirtualizing extension to the host hypervisor, requiring modest changes to the hypervisor and the guest kernel, and only optional, minimal changes to applications. We present Pacer's key abstraction of a cloaked tunnel, describe its design and implementation, prove the security of important design aspects through a formal model, and show through an experimental evaluation that Pacer imposes moderate overheads on bandwidth, client latency, and server throughput, while thwarting attacks based on state-of-the-art CNN classifiers.

Cryptography and Security

Mingyuan Xia,Miao Yu,Qian Lin,Zhengwei Qi,Haibing Guan

DOI: https://doi.org/10.1109/ICPADS.2010.96

2010-01-01

Abstract:Conventional privilege separation can effectively reduce the TCB size by granting privilege to only the privileged compartments. However, since they this approach relies on process isolation to ensure security assurance, malware exploiting against kernel components can easily compromise. Meanwhile, the frequent inter-process communications between separated processes inevitably incur notable overhead. To ameliorate these problems, we propose to perform privilege separation without partitioning application into two processes. Instead, we leverage virtualization to enforce the isolation of sensitive portions from other untrusted code. The virtual machine monitor intercepts all the code context switches transparently without requiring the application to explicitly use IPC as privilege context transition. We have implemented a prototype of our system, named Coir, based on commodity hypervisor Xen. Evaluation of our prototype includes a real-world remote control application, which is partitioned and protected in Coir-enabled hypervisor on unmodified Windows XP. We discuss the isolation strength as well as the performance penalty of our system based on the practical case.

Sebastian Zander,Grenville Armitage,Philip Branch

DOI: https://doi.org/10.1109/comst.2007.4317620

2007-01-01

Abstract:Covert channels are used for the secret transfer of information. Encryption only protects communication from being decoded by unauthorised parties, whereas covert channels aim to hide the very existence of the communication. Initially, covert channels were identified as a security threat on monolithic systems i.e. mainframes. More recently focus has shifted towards covert channels in computer network protocols. The huge amount of data and vast number of different protocols in the Internet seems ideal as a high-bandwidth vehicle for covert communication. This article is a survey of the existing techniques for creating covert channels in widely deployed network and application protocols. We also give an overview of common methods for their detection, elimination, and capacity limitation, required to improve security in future computer networks.

computer science, information systems,telecommunications

Jing Tian,Gang Xiong,Zhen Li,Gaopeng Gou

DOI: https://doi.org/10.1155/2020/8892896

IF: 1.968

2020-08-05

Security and Communication Networks

Abstract:In order to protect user privacy or guarantee free access to the Internet, the network covert channel has become a hot research topic. It refers to an information channel in which the messages are covertly transmitted under the network environment. In recent years, many new construction schemes of network covert channels are proposed. But at the same time, network covert channel has also received the attention of censors, leading to many attacks. The network covert channel refers to an information channel in which the messages are covertly transmitted under the network environment. Many users exploit the network covert channel to protect privacy or guarantee free access to the Internet. Previous construction schemes of the network covert channel are based on information steganography, which can be divided into CTCs and CSCs. In recent years, there are some covert channels constructed by changing the transmission network architecture. On the other side, some research work promises that the characteristics of emerging network may better fit the construction of the network covert channel. In addition, the covert channel can also be constructed by changing the transmission network architecture. The proxy and anonymity communication technology implement this construction scheme. In this paper, we divide the key technologies for constructing network covert channels into two aspects: communication content level (based on information steganography) and transmission network level (based on proxy and anonymity communication technology). We give an comprehensively summary about covert channels at each level. We also introduce work for the three new types of network covert channels (covert channels based on streaming media, covert channels based on blockchain, and covert channels based on IPv6). In addition, we present the attacks against the network covert channel, including elimination, limitation, and detection. Finally, the challenge and future research trend in this field are discussed.

computer science, information systems,telecommunications

胡文涛,薛质,陈楠

DOI: https://doi.org/10.3321/j.issn:1006-2467.2008.10.017

2008-01-01

Abstract:To avoid the limits of previous network storage covert channels which transmit covert information generally through packet head manipulation,a new idea was presented by using the plentiful,public Web counters for storage to construct a covert channel.Therefore,the encoder and the decoder do not need to establish a direct network connection,thus avoid the surveillances of many firewalls and intrusion detection system(IDS).A general noisy discrete memoryless channel(DMC) was modeled and the iteration algorithm of the DMC's capacity was realized by C program language to compute the channel capacity.Several methods such as using multiple counters to increase rate were presented.One technique using pseudo-random sequence to scramble the sending information was used to enhance the covertness and the anti-noise capability of the channel.The relationships between parameters and channel's performance were analyzed through experiment.The result shows that the covert channel is feasible.