Protecting Cloud-based CIs: Covert Channel Vulnerabilities at the Resource Level

Author (ESR): 
Salman Manzoor (Technische Universitaet Darmstadt)
Tsvetoslava Vateva-Gurova
Ruben Trapero
Neeraj Suri

Core-private caches represent a convenient and practical way for exfiltrating secret information and endanger ICT systems, including CIs. Attacks abusing the caches as covert channels are hard to be detected, as the caches are easily accessible without any privileges. To address this threat and enhance the security in CIs and other ICT systems, we proposed the usage of feasibility metrics to assess the probability of a covert channel exploit happening in the system or, to conduct post mortem analysis. The proposed feasibility metrics can be derived using hardware performance counters, and represent a lightweight way to reason about the possible covert channel threat. To validate our proposal, we demonstrate the applicability of the proposed metrics by conducting experiments with a L1 CCA and considering varied scenarios. Our results discern that the busy waiting and the successive scheduling of the processes can reliably be correlated with the success of a covert-channel exploit using the L1 cache. The proposed metrics help systematically ascertain efficient ways to address such exploits, and to facilitate security enhancement in ICT systems, including CIs.