Abstract
Data centers provides both the applications, systems software and the hardware as services over the Internet, which is named cloud computing [1–3]. It is core infrastructure of cloud computing, supporting dynamic deployment and elastic resource management. With the powerful computing and storing capabilities, cloud computing has become increasingly popular [4, 5]. The fundamental mechanism of cloud is virtualization which allows virtual machines (VM) instantiate stand-alone operating systems on demand based on a software layer called virtual machine monitor (VMM) or hypervisor [6]. Although the virtualization technology provides strong isolation for the cloud, security and privacy are always the open problems [7]. Some of the problems are essentially traditional web application and data-hosting ones, e.g., phishing, downtime, data loss, and password weakness. One of the new problems introduced by the shared environment to cloud computing is the covert channel attack [8]. By this way, information is leaked from the data centers and meanwhile the security provided by isolation is breaken down [9, 10].
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A view of cloud computing,” Commun. ACM, vol. 53, no. 4, pp. 50–58, 2010.
A. Greenberg, J. Hamilton, D. A. Maltz, and P. Patel, “The cost of a cloud: research problems in data center networks,” SIGCOMM Comput. Commun. Rev., vol. 39, no. 1, pp. 68–73, Dec. 2008.
G. L. Valentini, W. Lassonde, S. U. Khan, N. Min-Allah, S. A. Madani, J. Li, L. Zhang, L. Wang, N. Ghani, J. Kolodziej, H. Li, A. Y. Zomaya, C.-Z. Xu, P. Balaji, A. Vishnu, F. Pinel, J. E. Pecero, D. Kliazovich, and P. Bouvry, “An overview of energy efficiency techniques in cluster computing systems,” Cluster Computing, vol. 16, no. 1, pp. 3–15, 2013.
L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, “A break in the clouds: towards a cloud definition,” SIGCOMM Comput. Commun. Rev., vol. 39, pp. 50–55, December 2008.
R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg, and I. Brandic, “Cloud computing and emerging it platforms: Vision, hype, and reality for delivering computing as the 5th utility,” Future Gener. Comput. Syst., vol. 25, pp. 599–616, June 2009.
P. Barham, B. Dragovic, K. Fraser, S. Hand, T. L. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield, “Xen and the art of virtualization,” in SOSP, 2003, pp. 164–177.
H. Takabi, J. B. D. Joshi, and G.-J. Ahn, “Security and privacy challenges in cloud computing environments,” IEEE Security & Privacy, vol. 8, no. 6, pp. 24–31, 2010.
Y. Chen, V. Paxson, and R. H. Katz, “What’ s new about cloud computing security?” EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2010-5, Jan 2010.
T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, “Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds,” in ACM Conference on Computer and Communications Security, 2009, pp. 199–212.
J. Wu, L. Ding, and Y. Wang, “Research on key problems of covert channel in cloud computing,” Journal of Communications, vol. 32, no. 9A, pp. 184–203, 2011.
Z. Wang and X. Jiang, “Hypersafe: A lightweight approach to provide lifetime hypervisor control-flow integrity,” in IEEE Symposium on Security and Privacy, 2010, pp. 380–395.
B. D. Payne, R. Sailer, R. Cáceres, R. Perez, and W. Lee, “A layered approach to simplified access control in virtualized systems,” Operating Systems Review, vol. 41, no. 4, pp. 12–19, 2007.
R. Sailer, T. Jaeger, E. Valdez, R. Cáceres, R. Perez, S. Berger, J. L. Griffin, and L. van Doorn, “Building a mac-based security architecture for the XenXen open-source hypervisor,” in ACSAC, 2005, pp. 276–285.
B. D. Payne, M. Carbone, M. I. Sharif, and W. Lee, “Lares: An architecture for secure active monitoring using virtualization,” in IEEE Symposium on Security and Privacy, 2008, pp. 233–247.
A. M. Azab, P. Ning, Z. Wang, X. Jiang, X. Zhang, and N. C. Skalsky, “Hypersentry: enabling stealthy in-context measurement of hypervisor integrity,” in ACM Conference on Computer and Communications Security, 2010, pp. 38–49.
S. T. Jones, A. C. Arpaci-Dusseau, and R. H. Arpaci-Dusseau, “Antfarm: Tracking processes in a virtual machine environment,” in USENIX Annual Technical Conference, General Track, 2006, pp. 1–14.
A. M. Azab, P. Ning, E. C. Sezer, and X. Zhang, “Hima: A hypervisor-based integrity measurement agent,” in ACSAC, 2009, pp. 461–470.
J. Wu, Y. Wu, Z. Wu, M. Yang, and Y. Wang, “Vulcloud: Scalable and hybrid vulnerability detection in cloud computing,” in Software Security and Reliability-Companion (SERE-C), 2013 IEEE 7th International Conference on, 2013, pp. 225–226.
J. Wu, Y. Wu, M. Yang, Z. Wu, and Y. Wang, “Vulnerability detection of android system in fuzzing cloud,” in Proceedings of the 2013 IEEE Sixth International Conference on Cloud Computing, ser. CLOUD '13. Washington, DC, USA: IEEE Computer Society, 2013, pp. 954–955.
A. Aviram, S. Hu, B. Ford, and R. Gummadi, “Determinating timing channels in compute clouds,” in CCSW ’10: Proceedings of the 2010 ACM workshop on Cloud computing security workshop. New York, NY, USA: ACM, 2010, pp. 103–108.
NCSC, “Trusted computer system evaluation criteria (orange book),” 1985.
B. W. Lampson, “A note on the confinement problem,” Commun. ACM, vol. 16, no. 10, pp. 613–615, 1973.
J. Wu, L. Ding, Y. Wang, and W. Han, “A practical covert channel identification approach in source code based on directed information flow graph,” in IEEE SSIRI, Jeju Island, Korea, 2011, pp. 98–107.
C.-R. Tsai, V. D. Gligor, and C. S. Chandersekaran, “A formal method for the identification of covert storage channels in source code,” in IEEE Symposium on Security and Privacy, 1987, pp. 74–87.
T. F. Keefe, W.-T. Tsai, and J. Srivastava, “Database concurrency control in multilevel secure database management systems,” IEEE Trans. Knowl. Data Eng., vol. 5, no. 6, pp. 1039–1055, 1993.
S. Zander, G. J. Armitage, and P. Branch, “A survey of covert channels and countermeasures in computer network protocols,” IEEE Communications Surveys and Tutorials, vol. 9, no. 1–4, pp. 44–57, 2007.
J. Wu, Y. Wang, L. Ding, and X. Liao, “Improving performance of network covert timing channel through huffman coding,” Mathematical and Computer Modelling, vol. 55, no. 1–2, pp. 69–79, 2012.
ISO/IEC, “Common criteria for information technology security evaluation,” 2005.
Y. Wang, J. Wu, H. Zeng, L. Ding, and X. Liao, “Covert channel research,” Journal of Software, vol. 21, no. 9, pp. 2262–2288, 2010.
J. Wu, Y. Wang, L. Ding, and Y. Zhang, “Constructing scenario of event-flag covert channel in secure operating system,” in ICIMT, Hongkong, 2010, pp. 371–375.
C.-R. Tsai and V. D. Gligor, “A bandwidth computation model for covert storage channels and its applications,” in IEEE conference on Security and privacy, Oakland, California, 1988, pp. 108–121.
S. Cabuk, C. E. Brodley, and C. Shields, “IP covert timing channels: design and detection,” in ACM Conference on Computer and Communications Security, 2004, pp. 178–187.
——, “IP covert channel detection,” ACM Trans. Inf. Syst. Secur., vol. 12, no. 4, pp. 1–29, 2009.
V. Berk, A. Giani, G. Cybenko, and N. Hanover, “Detection of covert channel encoding in network packet delays,” Rapport technique TR536, de lUniversité de Dartmouth. Novembre, 2005.
N. Nagatou and T. Watanabe, “Run-time detection of covert channels,” in ARES, 2006, pp. 577–584.
L. Hélouët and A. Roumy, “Covert channel detection using information theory,” in SecCo, 2010, pp. 34–51.
J. K. Millen, “20 years of covert channel modeling and analysis,” in IEEE Symposium on Security and Privacy, 1999, pp. 113–114.
C. G. Girling, “Covert channels in LAN’s,” IEEE Trans. Software Eng., vol. 13, no. 2, pp. 292–296, 1987.
L. Yao, X. Zi, L. Pan, and J. Li, “A study of on/off timing channel based on packet delay distribution,” Computers & Security, vol. 28, no. 8, pp. 785–794, 2009.
T. G. Handel and M. T. S. II, “Hiding data in the osi network model,” in Information Hiding, 1996, pp. 23–38.
K. Ahsan and D. Kundur, “Practical data hiding in TCP/IP,” in Proc. Workshop on Multimedia Security at ACM Multimedia. Citeseer, 2002.
C. Rowland, “Covert channels in the TCP/IP protocol suite,” First Monday, vol. 2, no. 5–5, 1997.
S. Gianvecchio and H. Wang, “Detecting covert timing channels: an entropy-based approach,” in CCS '07: Proceedings of the 14th ACM conference on Computer and communications security. New York, NY, USA: ACM, 2007, pp. 307–316.
A. O. Yinqian Zhang, Ari Juels and M. K. Reiter, “Homealone: Co-residency detection in the cloud via side-channel analysis,” in IEEE Symposium on Security and Privacy, Oakland, California, 2011, pp. 313–328.
K. Okamura and Y. Oyama, “Load-based covert channels between Xen virtual machines,” in SAC, 2010, pp. 173–180.
H. Zeng, Y. Wang, L. Ruan, W. Zu, and J. Cai, “Covert channel mitigation method. for secure real-time database using capacity metric,” Journal on Communications, vol. 29, no. 8, pp. 46–56, 2008.
Y. Wang, J. Wu, L. Ding, and H. Zeng, “Detecion approach for covert channel based concurrency conflict interval time,” Journal of Computer Research and Development, vol. 48, no. 8, pp. 1542–1553, 2011.
J. Wu, L. Ding, Y. Wang, and W. Han, “Identification and evaluation of sharing memory covert timing channel in Xen virtual machines,” in IEEE CLOUD, Washington DC, USA, 2011, pp. 283–291.
J. Wu, L. Ding, Y. Lin, N. Min-Allah, and Y. Wang, “Xenpump: A new method to mitigate timing channel in cloud computing,” in IEEE CLOUD, Hawaii, USA, 2012, pp. 678–685.
D. Chisnall, The definitive guide to the xen hypervisor. Prentice Hall Press, 2007.
J. K. Millen, “Finite-state noiseless covert channels,” in CSFW, 1989, pp. 81–86.
R. Lanotte, A. Maggiolo-Schettini, and A. Troina, “Time and probability-based information flow analysis,” Software Engineering, IEEE Transactions on, vol. 36, no. 5, pp. 719–734, 2010.
J. Wu, L. Ding, Y. Wu, N. Min-Allah, S. U. Khan, and Y. Wang, “C2detector: A covert channel detection framework in cloud computing,” Security and Communication Networks, 2013.
L. R. Rabiner, “A tutorial on hidden markov models and selected applications in speech recognition,” Proceedings of the IEEE, vol. 77, no. 2, pp. 257–286, feb 1989.
J. Hu, X. Yu, D. Qiu, and H.-H. Chen, “A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection,” IEEE Network, vol. 23, no. 1, pp. 42–47, 2009.
T. M. Mitchell, Machine learning. McGraw-Hill, 1997.
A. W. Moore and D. Zuev, “Internet traffic classification using Bayesian analysis techniques,” in SIGMETRICS, 2005, pp. 50–60.
T. Auld, A. W. Moore, and S. F. Gull, “Bayesian neural networks for internet traffic classification,” IEEE Transactions on Neural Networks, vol. 18, no. 1, pp. 223–239, 2007.
E. S. Ristad and P. N. Yianilos, “Learning string-edit distance,” IEEE Trans. Pattern Anal. Mach. Intell., vol. 20, no. 5, pp. 522–532, 1998.
M. H. Kang and I. S. Moskowitz, “A pump for rapid, reliable, secure communication,” in ACM Conference on Computer and Communications Security, 1993, pp. 119–129.
M. H. Kang, I. S. Moskowitz, and D. C. Lee, “A network pump,” IEEE Trans. Software Eng., vol. 22, no. 5, pp. 329–338, 1996.
J. Son and J. Alves-Foss, “A formal framework for real-time information flow analysis,” Comput. Secur., vol. 28, no. 6, pp. 421–432, 2009.
D. A. Osvik, A. Shamir, and E. Tromer, “Cache attacks and countermeasures: The case of aes,” in CT-RSA, 2006, pp. 1–20.
E. Tromer, D. A. Osvik, and A. Shamir, “Efficient cache attacks on aes, and countermeasures,” J. Cryptology, vol. 23, no. 1, pp. 37–71, 2010.
S. Chen, R. Wang, X. Wang, and K. Zhang, “Side-channel leaks in web applications: A reality today, a challenge tomorrow,” in IEEE Symposium on Security and Privacy, 2010, pp. 191–206.
K. Kourai and S. Chiba, “Hyperspector: virtual distributed monitoring environments for secure intrusion detection,” in VEE, 2005, pp. 197–207.
T. Garfinkel and M. Rosenblum, “A virtual machine introspection based architecture for intrusion detection,” in NDSS, 2003.
X. Jiang and X. Wang, “"out-of-the-box" monitoring of vm-based high-interaction honeypots,” in RAID, 2007, pp. 198–218.
J. Li, B. Li, T. Wo, C. Hu, J. Huai, L. Liu, and K. Lam, “Cyberguarder: A virtualization security assurance architecture for green cloud computing,” Future Generation Computer Systems, vol. 28, no. 2, pp. 379–390, 2012.
M. Kang, I. Moskowitz, and D. Lee, “A network version of the pump,” in Security and Privacy, 1995. Proceedings., 1995 IEEE Symposium on, 1995, pp. 144–154.
M. Kang, I. Moskowitz, and S. Chincheck, “The pump: a decade of covert fun,” in Computer Security Applications Conference, 21st Annual, 2005, pp. 352–360.
W.-M. Hu, “Reducing timing channels with fuzzy time,” in IEEE Symposium on Security and Privacy, 1991, pp. 8–20.
D. Zhang, A. Askarov, and A. C. Myers, “Predictive mitigation of timing channels in interactive systems,” in Proceedings of the 18th ACM conference on Computer and communications security, ser. CCS ’11. New York, NY, USA: ACM, 2011, pp. 563–574.
A. Askarov, D. Zhang, and A. C. Myers, “Predictive black-box mitigation of timing channels,” in ACM Conference on Computer and Communications Security, 2010, pp. 297–307.
Acknowledgements
This work is supported by the National Science and Technology Major Project No.2012ZX01039-004, No.2010ZX01036-001-002, the National Natural Science Foundation of China No.61303057, No.61170072 and the Major Program of the National Natural Science Foundation of China No.91124014. Samee U. Khan’s work was partly supported by the Young International Scientist Fellowship of the Chinese Academy of Sciences, (Grant No. 2011Y2GA01).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer Science+Business Media New York
About this chapter
Cite this chapter
Wu, J. et al. (2015). C2Hunter: Detection and Mitigation of Covert Channels in Data Centers. In: Khan, S., Zomaya, A. (eds) Handbook on Data Centers. Springer, New York, NY. https://doi.org/10.1007/978-1-4939-2092-1_32
Download citation
DOI: https://doi.org/10.1007/978-1-4939-2092-1_32
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4939-2091-4
Online ISBN: 978-1-4939-2092-1
eBook Packages: Computer ScienceComputer Science (R0)