Title
Understanding contention-based channels and using them for defense
Abstract
Microarchitectural resources such as caches and predictors can be used to leak information across security domains. Significant prior work has demonstrated attacks and defenses for specific types of such microarchitectural side and covert channels. In this paper, we introduce a general mathematical study of microarchitectural channels using information theory. Our conceptual contribution is a simple mathematical abstraction that captures the common characteristics of all microarchitectural channels. We call this the Bucket model, and it reveals that microarchitectural channels are fundamentally different from side and covert channels in networking. We then quantify the communication capacity of several microarchitectural covert channels (including channels that rely on performance counters, AES hardware and memory buses) and measure bandwidths across both KVM-based heavy-weight virtualization and light-weight operating-system-level isolation. We demonstrate channel capacities that are orders of magnitude higher than what was previously considered possible. Finally, we introduce a novel way of detecting intelligent adversaries that try to hide while running covert channel eavesdropping attacks. Our method generalizes a prior detection scheme (that modeled static adversaries) by introducing noise that hides the detection process from an intelligent eavesdropper.
Year: 2015
DOI: 10.1109/HPCA.2015.7056069
Venue: HPCA
Field: Virtualization, Information theory, Eavesdropping, Computer science, Covert channel, Parallel computing, Communication channel, Computer network, Real-time computing
DocType: Conference
ISSN: 1530-0897
Citations: 28
PageRank: 0.79
References: 35
Authors: 6
Name
Order
Citations
PageRank
Casen Hunger1281.47
Mikhail Kazdagli2372.96
Ankit Singh Rawat346533.94
Alexandros G. Dimakis43575206.71
Sriram Vishwanath54185445.45
Mohit Tiwari644523.94